OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: XACML Namespaces and XSDs


Dear XACML users,

we are using an XACML PDP for the middleware in the TextGrid project
(http://www.textgrid.de/en.html), that uses (originally) the following XSD files

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd

and referenced from there

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd


We now found some typos ("23.org" instead of "w3.org", "MinOccurs" instead of
"minOccurs") and some structural XML problems (one ">" too much, problems with
namespace definitions, prefixes, and locations) in this files, so we can not
use them for our PDP web service (code generation, etc).

Are there any newer and corrected or newer versions of the files somewhere?


I'll append our corrected files to this mail, and would gladly receive any
comments.

Thanks a lot and all the best.
Stefan.


--------------------------------------------------------------------------------

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd

- removed ">", line 54
- changed "www.23.org" into "www.w3.org", line 4
- changed <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
to
http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd,
line 15 (from http://saml.xml.org/saml-specifications), afterwards removed
since not needed
- changed <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
to http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd,
line 17 (from http://saml.xml.org/saml-specifications)
- added xmlns:tns="urn:oasis:xacml:2.0:saml:protocol:schema:os" to namespace
definitions, in between lines 9/10
- added tns prefix, line 30

--------------------------------------------------------------------------------

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd

- removed ">"
- changed "www.23.org" into "www.w3.org", line 4
- changed <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
to
http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd,
line 15 (from http://saml.xml.org/saml-specifications)
- changed <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"/>
to http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd,
line 17 (from http://saml.xml.org/saml-specifications), afterwards removed
since not needed
- added xmlns:tns="urn:oasis:xacml:2.0:saml:assertion:schema:os" to namespace
definitions
- added tns prefixes
- changes samlp: to saml:
- corrected MinOccurs into minOccurs

--------------------------------------------------------------------------------

http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd

- commented out xs:element minOccurs="0" ref="xacml:CombinerParameters", line
14: element removed due to jaxb compiler problems: you need only one type
CombinerParameters in the sequence, it seems to be superflous in choice

--------------------------------------------------------------------------------


-- 
-----------------------------------------------------------------------
Stefan E. Funk
DAASI International GmbH             Phone DAASI :    +49 7071 407109-6
Europaplatz 3                          Phone SUB :      +49 551 39-7700
D-72072 Tübingen                           Email : stefan.funk@daasi.de
Germany                                      Web :  http://www.daasi.de

Directory Applications for Advanced Security and Information Management
-----------------------------------------------------------------------


<?xml version="1.0" encoding="UTF-8"?>
<xs:schema attributeFormDefault="unqualified"
	elementFormDefault="qualified" targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
	xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema";>
	<!-- -->
	<xs:element name="PolicySet" type="xacml:PolicySetType" />
	<xs:complexType name="PolicySetType">
		<xs:sequence>
			<xs:element minOccurs="0" ref="xacml:Description" />
			<xs:element minOccurs="0" ref="xacml:PolicySetDefaults" />
			<xs:element ref="xacml:Target" />
			<xs:choice maxOccurs="unbounded" minOccurs="0">
				<xs:element ref="xacml:PolicySet" />
				<xs:element ref="xacml:Policy" />
				<xs:element ref="xacml:PolicySetIdReference" />
				<xs:element ref="xacml:PolicyIdReference" />
				<xs:element ref="xacml:CombinerParameters" />
				<xs:element ref="xacml:PolicyCombinerParameters" />
				<xs:element ref="xacml:PolicySetCombinerParameters" />
			</xs:choice>
			<xs:element minOccurs="0" ref="xacml:Obligations" />
		</xs:sequence>
		<xs:attribute name="PolicySetId" type="xs:anyURI" use="required" />
		<xs:attribute default="1.0" name="Version" type="xacml:VersionType" />
		<xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI"
			use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="CombinerParameters" type="xacml:CombinerParametersType" />
	<xs:complexType name="CombinerParametersType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" minOccurs="0"
				ref="xacml:CombinerParameter" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="CombinerParameter" type="xacml:CombinerParameterType" />
	<xs:complexType name="CombinerParameterType">
		<xs:sequence>
			<xs:element ref="xacml:AttributeValue" />
		</xs:sequence>
		<xs:attribute name="ParameterName" type="xs:string" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="RuleCombinerParameters" type="xacml:RuleCombinerParametersType" />
	<xs:complexType name="RuleCombinerParametersType">
		<xs:complexContent>
			<xs:extension base="xacml:CombinerParametersType">
				<xs:attribute name="RuleIdRef" type="xs:string" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="PolicyCombinerParameters" type="xacml:PolicyCombinerParametersType" />
	<xs:complexType name="PolicyCombinerParametersType">
		<xs:complexContent>
			<xs:extension base="xacml:CombinerParametersType">
				<xs:attribute name="PolicyIdRef" type="xs:anyURI" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="PolicySetCombinerParameters" type="xacml:PolicySetCombinerParametersType" />
	<xs:complexType name="PolicySetCombinerParametersType">
		<xs:complexContent>
			<xs:extension base="xacml:CombinerParametersType">
				<xs:attribute name="PolicySetIdRef" type="xs:anyURI"
					use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="PolicySetIdReference" type="xacml:IdReferenceType" />
	<xs:element name="PolicyIdReference" type="xacml:IdReferenceType" />
	<!-- -->
	<xs:element name="PolicySetDefaults" type="xacml:DefaultsType" />
	<xs:element name="PolicyDefaults" type="xacml:DefaultsType" />
	<xs:complexType name="DefaultsType">
		<xs:sequence>
			<xs:choice>
				<xs:element ref="xacml:XPathVersion" />
			</xs:choice>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="XPathVersion" type="xs:anyURI" />
	<!-- -->
	<xs:complexType name="IdReferenceType">
		<xs:simpleContent>
			<xs:extension base="xs:anyURI">
				<xs:attribute name="Version" type="xacml:VersionMatchType"
					use="optional" />
				<xs:attribute name="EarliestVersion" type="xacml:VersionMatchType"
					use="optional" />
				<xs:attribute name="LatestVersion" type="xacml:VersionMatchType"
					use="optional" />
			</xs:extension>
		</xs:simpleContent>
	</xs:complexType>
	<!-- -->
	<xs:simpleType name="VersionType">
		<xs:restriction base="xs:string">
			<xs:pattern value="(\d+\.)*\d+" />
		</xs:restriction>
	</xs:simpleType>
	<!-- -->
	<xs:simpleType name="VersionMatchType">
		<xs:restriction base="xs:string">
			<xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)" />
		</xs:restriction>
	</xs:simpleType>
	<!-- -->
	<xs:element name="Policy" type="xacml:PolicyType" />
	<xs:complexType name="PolicyType">
		<xs:sequence>
			<xs:element minOccurs="0" ref="xacml:Description" />
			<xs:element minOccurs="0" ref="xacml:PolicyDefaults" />
			<xs:element minOccurs="0" ref="xacml:CombinerParameters" />
			<xs:element ref="xacml:Target" />
			<xs:choice maxOccurs="unbounded">
				<!-- xs:element minOccurs="0" ref="xacml:CombinerParameters" / -->
				<!-- element removed due to jaxb compiler problems: you need only one 
					type CombinerParameters in the sequence, it seems to be superflous in choice -->
				<xs:element minOccurs="0" ref="xacml:RuleCombinerParameters" />
				<xs:element ref="xacml:VariableDefinition" />
				<xs:element ref="xacml:Rule" />
			</xs:choice>
			<xs:element minOccurs="0" ref="xacml:Obligations" />
		</xs:sequence>
		<xs:attribute name="PolicyId" type="xs:anyURI" use="required" />
		<xs:attribute default="1.0" name="Version" type="xacml:VersionType" />
		<xs:attribute name="RuleCombiningAlgId" type="xs:anyURI"
			use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="Description" type="xs:string" />
	<!-- -->
	<xs:element name="Rule" type="xacml:RuleType" />
	<xs:complexType name="RuleType">
		<xs:sequence>
			<xs:element minOccurs="0" ref="xacml:Description" />
			<xs:element minOccurs="0" ref="xacml:Target" />
			<xs:element minOccurs="0" ref="xacml:Condition" />
		</xs:sequence>
		<xs:attribute name="RuleId" type="xs:string" use="required" />
		<xs:attribute name="Effect" type="xacml:EffectType" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:simpleType name="EffectType">
		<xs:restriction base="xs:string">
			<xs:enumeration value="Permit" />
			<xs:enumeration value="Deny" />
		</xs:restriction>
	</xs:simpleType>
	<!-- -->
	<xs:element name="Target" type="xacml:TargetType" />
	<xs:complexType name="TargetType">
		<xs:sequence>
			<xs:element minOccurs="0" ref="xacml:Subjects" />
			<xs:element minOccurs="0" ref="xacml:Resources" />
			<xs:element minOccurs="0" ref="xacml:Actions" />
			<xs:element minOccurs="0" ref="xacml:Environments" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Subjects" type="xacml:SubjectsType" />
	<xs:complexType name="SubjectsType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:Subject" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Subject" type="xacml:SubjectType" />
	<xs:complexType name="SubjectType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:SubjectMatch" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Resources" type="xacml:ResourcesType" />
	<xs:complexType name="ResourcesType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:Resource" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Resource" type="xacml:ResourceType" />
	<xs:complexType name="ResourceType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:ResourceMatch" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Actions" type="xacml:ActionsType" />
	<xs:complexType name="ActionsType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:Action" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Action" type="xacml:ActionType" />
	<xs:complexType name="ActionType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:ActionMatch" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Environments" type="xacml:EnvironmentsType" />
	<xs:complexType name="EnvironmentsType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:Environment" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Environment" type="xacml:EnvironmentType" />
	<xs:complexType name="EnvironmentType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:EnvironmentMatch" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="SubjectMatch" type="xacml:SubjectMatchType" />
	<xs:complexType name="SubjectMatchType">
		<xs:sequence>
			<xs:element ref="xacml:AttributeValue" />
			<xs:choice>
				<xs:element ref="xacml:SubjectAttributeDesignator" />
				<xs:element ref="xacml:AttributeSelector" />
			</xs:choice>
		</xs:sequence>
		<xs:attribute name="MatchId" type="xs:anyURI" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="ResourceMatch" type="xacml:ResourceMatchType" />
	<xs:complexType name="ResourceMatchType">
		<xs:sequence>
			<xs:element ref="xacml:AttributeValue" />
			<xs:choice>
				<xs:element ref="xacml:ResourceAttributeDesignator" />
				<xs:element ref="xacml:AttributeSelector" />
			</xs:choice>
		</xs:sequence>
		<xs:attribute name="MatchId" type="xs:anyURI" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="ActionMatch" type="xacml:ActionMatchType" />
	<xs:complexType name="ActionMatchType">
		<xs:sequence>
			<xs:element ref="xacml:AttributeValue" />
			<xs:choice>
				<xs:element ref="xacml:ActionAttributeDesignator" />
				<xs:element ref="xacml:AttributeSelector" />
			</xs:choice>
		</xs:sequence>
		<xs:attribute name="MatchId" type="xs:anyURI" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType" />
	<xs:complexType name="EnvironmentMatchType">
		<xs:sequence>
			<xs:element ref="xacml:AttributeValue" />
			<xs:choice>
				<xs:element ref="xacml:EnvironmentAttributeDesignator" />
				<xs:element ref="xacml:AttributeSelector" />
			</xs:choice>
		</xs:sequence>
		<xs:attribute name="MatchId" type="xs:anyURI" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="VariableDefinition" type="xacml:VariableDefinitionType" />
	<xs:complexType name="VariableDefinitionType">
		<xs:sequence>
			<xs:element ref="xacml:Expression" />
		</xs:sequence>
		<xs:attribute name="VariableId" type="xs:string" use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element abstract="true" name="Expression" type="xacml:ExpressionType" />
	<xs:complexType abstract="true" name="ExpressionType" />
	<!-- -->
	<xs:element name="VariableReference" substitutionGroup="xacml:Expression"
		type="xacml:VariableReferenceType" />
	<xs:complexType name="VariableReferenceType">
		<xs:complexContent>
			<xs:extension base="xacml:ExpressionType">
				<xs:attribute name="VariableId" type="xs:string" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="AttributeSelector" substitutionGroup="xacml:Expression"
		type="xacml:AttributeSelectorType" />
	<xs:complexType name="AttributeSelectorType">
		<xs:complexContent>
			<xs:extension base="xacml:ExpressionType">
				<xs:attribute name="RequestContextPath" type="xs:string"
					use="required" />
				<xs:attribute name="DataType" type="xs:anyURI" use="required" />
				<xs:attribute default="false" name="MustBePresent"
					type="xs:boolean" use="optional" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="ResourceAttributeDesignator"
		substitutionGroup="xacml:Expression" type="xacml:AttributeDesignatorType" />
	<xs:element name="ActionAttributeDesignator"
		substitutionGroup="xacml:Expression" type="xacml:AttributeDesignatorType" />
	<xs:element name="EnvironmentAttributeDesignator"
		substitutionGroup="xacml:Expression" type="xacml:AttributeDesignatorType" />
	<!-- -->
	<xs:complexType name="AttributeDesignatorType">
		<xs:complexContent>
			<xs:extension base="xacml:ExpressionType">
				<xs:attribute name="AttributeId" type="xs:anyURI" use="required" />
				<xs:attribute name="DataType" type="xs:anyURI" use="required" />
				<xs:attribute name="Issuer" type="xs:string" use="optional" />
				<xs:attribute default="false" name="MustBePresent"
					type="xs:boolean" use="optional" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="SubjectAttributeDesignator"
		substitutionGroup="xacml:Expression" type="xacml:SubjectAttributeDesignatorType" />
	<xs:complexType name="SubjectAttributeDesignatorType">
		<xs:complexContent>
			<xs:extension base="xacml:AttributeDesignatorType">
				<xs:attribute
					default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
					name="SubjectCategory" type="xs:anyURI" use="optional" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="AttributeValue" substitutionGroup="xacml:Expression"
		type="xacml:AttributeValueType" />
	<xs:complexType mixed="true" name="AttributeValueType">
		<xs:complexContent mixed="true">
			<xs:extension base="xacml:ExpressionType">
				<xs:sequence>
					<xs:any maxOccurs="unbounded" minOccurs="0" namespace="##any"
						processContents="lax" />
				</xs:sequence>
				<xs:attribute name="DataType" type="xs:anyURI" use="required" />
				<xs:anyAttribute namespace="##any" processContents="lax" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="Function" substitutionGroup="xacml:Expression"
		type="xacml:FunctionType" />
	<xs:complexType name="FunctionType">
		<xs:complexContent>
			<xs:extension base="xacml:ExpressionType">
				<xs:attribute name="FunctionId" type="xs:anyURI" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="Condition" type="xacml:ConditionType" />
	<xs:complexType name="ConditionType">
		<xs:sequence>
			<xs:element ref="xacml:Expression" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Apply" substitutionGroup="xacml:Expression"
		type="xacml:ApplyType" />
	<xs:complexType name="ApplyType">
		<xs:complexContent>
			<xs:extension base="xacml:ExpressionType">
				<xs:sequence>
					<xs:element maxOccurs="unbounded" minOccurs="0"
						ref="xacml:Expression" />
				</xs:sequence>
				<xs:attribute name="FunctionId" type="xs:anyURI" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="Obligations" type="xacml:ObligationsType" />
	<xs:complexType name="ObligationsType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" ref="xacml:Obligation" />
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:element name="Obligation" type="xacml:ObligationType" />
	<xs:complexType name="ObligationType">
		<xs:sequence>
			<xs:element maxOccurs="unbounded" minOccurs="0"
				ref="xacml:AttributeAssignment" />
		</xs:sequence>
		<xs:attribute name="ObligationId" type="xs:anyURI" use="required" />
		<xs:attribute name="FulfillOn" type="xacml:EffectType"
			use="required" />
	</xs:complexType>
	<!-- -->
	<xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType" />
	<xs:complexType mixed="true" name="AttributeAssignmentType">
		<xs:complexContent mixed="true">
			<xs:extension base="xacml:AttributeValueType">
				<xs:attribute name="AttributeId" type="xs:anyURI" use="required" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
</xs:schema>


<?xml version="1.0" encoding="UTF-8"?>
<schema attributeFormDefault="unqualified" blockDefault="substitution"
	elementFormDefault="unqualified" targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
	version="2.0" xmlns="http://www.w3.org/2001/XMLSchema"; xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
	xmlns:tns="urn:oasis:xacml:2.0:saml:assertion:schema:os" xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
	xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
	xmlns:xs="http://www.w3.org/2001/XMLSchema";>
	<!-- corrected www.23.org to www.w3.org -->
	<!-- added xmlns:tns="urn:oasis:xacml:2.0:saml:assertion:schema:os" above -->
	<xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
		schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"; />
	<!-- added correct URL to schema location for namespace urn:oasis:names:tc:SAML:2.0:assertion 
		above -->
	<!-- removed import of unused protocol namespace -->
	<xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
		schemaLocation="./access_control-xacml-2.0-context-schema-os.xsd" />
	<xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
		schemaLocation="./access_control-xacml-2.0-policy-schema-os.xsd" />
	<xs:annotation>
		<xs:documentation> Document identifier:
			access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd Location:
			http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
		</xs:documentation>
	</xs:annotation>
	<!-- -->
	<xs:element name="XACMLAuthzDecisionStatement" type="tns:XACMLAuthzDecisionStatementType" />
	<!-- added tns: to type above -->
	<xs:complexType name="XACMLAuthzDecisionStatementType">
		<xs:complexContent>
			<xs:extension base="saml:StatementAbstractType">
				<!-- changed samlp: into saml: -->
				<xs:sequence>
					<xs:element ref="xacml-context:Response" />
					<xs:element minOccurs="0" ref="xacml-context:Request" />
					<!-- corrected MinOccurs to minOccurs -->
				</xs:sequence>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="XACMLPolicyStatement" type="tns:XACMLPolicyStatementType" />
	<!-- added tns: to type above -->
	<xs:complexType name="XACMLPolicyStatementType">
		<xs:complexContent>
			<xs:extension base="saml:StatementAbstractType">
				<!-- changed samlp: into saml: -->
				<xs:choice maxOccurs="unbounded" minOccurs="0">
					<!-- removed superflous &gt behind "unbounded" -->
					<xs:element ref="xacml:Policy" />
					<xs:element ref="xacml:PolicySet" />
				</xs:choice>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
</schema>


<?xml version="1.0" encoding="UTF-8"?>
<schema attributeFormDefault="unqualified" blockDefault="substitution"
	elementFormDefault="unqualified" targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
	version="2.0" xmlns="http://www.w3.org/2001/XMLSchema"; xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
	xmlns:tns="urn:oasis:xacml:2.0:saml:protocol:schema:os" xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
	xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
	xmlns:xs="http://www.w3.org/2001/XMLSchema";>
	<!-- corrected www.23.org to www.w3.org -->
	<!-- added xmlns:tns="urn:oasis:xacml:2.0:saml:protocol:schema:os" above -->
	<xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
		schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"; />
	<!-- added correct URL to schema location for namespace urn:oasis:names:tc:SAML:2.0:protocol 
		above -->
	<!-- removed import of unused assertion namespace -->
	<xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
		schemaLocation="./access_control-xacml-2.0-context-schema-os.xsd" />
	<xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
		schemaLocation="./access_control-xacml-2.0-policy-schema-os.xsd" />
	<xs:annotation>
		<xs:documentation> Document identifier:
			access_control-xacml-2.0-saml-protocol-schema-os.xsd Location:
			http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
		</xs:documentation>
	</xs:annotation>
	<!-- -->
	<xs:element name="XACMLAuthzDecisionQuery" type="tns:XACMLAuthzDecisionQueryType" />
	<!-- added tns: to type above -->
	<xs:complexType name="XACMLAuthzDecisionQueryType">
		<xs:complexContent>
			<xs:extension base="samlp:RequestAbstractType">
				<xs:sequence>
					<xs:element ref="xacml-context:Request" />
				</xs:sequence>
				<xs:attribute default="false" name="InputContextOnly"
					type="boolean" use="optional" />
				<xs:attribute default="false" name="ReturnContext"
					type="boolean" use="optional" />
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="XACMLPolicyQuery" type="tns:XACMLPolicyQueryType" />
	<xs:complexType name="XACMLPolicyQueryType">
		<xs:complexContent>
			<xs:extension base="samlp:RequestAbstractType">
				<xs:choice maxOccurs="unbounded" minOccurs="0">
					<!-- removed superflous &gt behind "unbounded" -->
					<xs:element ref="xacml-context:Request" />
					<xs:element ref="xacml:Target" />
					<xs:element ref="xacml:PolicySetIdReference" />
					<xs:element ref="xacml:PolicyIdReference" />
				</xs:choice>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
</schema>




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]