[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Validating XACML policies and requests against XSD
Hi Craig. > >> More specifically, however, I think this came up in the context of which > >> version of XACML was being used. SunXACML can (and I think any good > >> PDP should support this) handle mixing versions of XACML. > > I disagree. A policy that has declared itself to be XACML v2, and contains > XACML v1 elements, is by definition invalid. The XACML v2 specification > has a clearly defined set of valid elements, and the allowable children of > those elements (ie xacmlv2:Rule inside xacmlv2:Policy). Anything that is > not defined in the XSD as an allowable child element is therefore not > valid. Sorry, I should have been more specific. I wasn't talking about an XACML 2.0 policy containing a 1.x element. What I meant was that a PDP should be able to handle both 1.x and 2.0 policies, and handle references from one version to another. I definitely agree that it would be schema-invalid, and therefore generally invalid, for a 2.0 policy to contain a 1.x element. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]