
xacml-users message



Subject: RE: [xacml-users] Which XSD of SAML Profile of XACML to use?


Thanks Rich, David for your prompt response!

 

Yes, I did check the errata version of the xacml-samlp and xacml-saml xsd. Apparently some of the typos have been fixed.

 

However, after double checking the SAML of XACML 2.0 spec (Aug. 10, 2010), I realized that the spec did call for using the wd-13 version of the two schemas (namespace list on page 11). There are also some structural changes btw the os version and the wd-13 version. For instance, the xacml:Target element in the os version is removed from xacml-samlp:XACMLPolicyQueryType in the wd-13 version of xacml-samlp.

 

I guess I will use the wd-13 version of the schema for now. But if the XACML TC could make their web site links clearer, it would be very helpful.

 

Thanks!

 

ND

 

From: rich levinson [mailto:rich.levinson@oracle.com]
Sent: Wednesday, June 22, 2011 3:54 PM
To: Nick Duan
Cc: David Brossard; xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Which XSD of SAML Profile of XACML to use?

 

Hi Nick,

Have you checked the XACML TC main page:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#technical

in particular, the SAML 2.0 profile of XACML refers to the XACML 2.0 errata just below it,
which has different schema files. These errata files should be correct as we have used
them in Interops:
Corrected assertion schema:
http://www.oasis-open.org/committees/download.php/11474/access_control-xacml-2.0-saml-assertion-schema-os.xsd
Corrected protocol schema:
http://www.oasis-open.org/committees/download.php/11475/access_control-xacml-2.0-saml-protocol-schema-os.xsd

Thanks,
Rich



On 6/22/2011 2:00 PM, David Brossard wrote:

Hi Nick,

My understanding is that the initial SAML profile of XACML was specific to XACML 2.0. With the new XACML 3.0 specification, that profile was updated to cater for XACML 2.0 and XACML 3.0 at the same time.

These are the links you should focus on (copied from http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#CURRENT):



WD 13 does stand for working draft.

Based on the latest work on the core XACML specification, I doubt the SAML profile will be impacted but Erik, the editor, will know best.

On Wed, Jun 22, 2011 at 6:36 PM, Nick Duan <nduan@verizon.net> wrote:

The official xsd files published under SAML Profile of XACML 2.0 (access_control-xacml-2.0-saml-protocol-schema-os.xsd & access_control-xacml-2.0-saml-assertion-schema-os.xsd) seem to contain some bugs and won’t validate. I found the other two new xsd files under XACML 3.0 link on OASIS web site (xacml-2.0-profile-saml2.0-v2-schema-assertion-wd-13.xsd & xacml-2.0-profile-saml2.0-v2-schema-protocol-wd-13.xsd) that have no validation errors.

 

So my question is, are these two xsd files (xxx-wd-13.xsd) the latest version of xacml-samlp & xacml-saml? If yes, why are they labeled with wd-13 (I believe wd stands for working draft)? If not, is the XACML TC going to come up with new schema files for xacml-samlp and xacml-saml?

 

Thanks a lot!

 

ND




--
David Brossard, M.Eng, SCEA, CSTP
Solutions Architect
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics


