OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] [schema] replacement for SAML AssertionType

For people operating in an X.509 Attribute Certificate
environment, or supporting some kind of assertion format other
than saml, it would be nice if XACML did not force people to
support SAML.  Currently, we have the following saml artifacts:

 - PolicySetAssertion and PolicyAssertion in PolicySetType are of type

 - PolicySetStatementType extends saml:StatementAbstractType
 - PolicyStatementType extends saml:StatementAbstractType

Why not define XACML:AssertionType as follows:

        <complexType name="AssertionType">
                                <element ref="xacml:PolicySetStatement"/>
                                <element ref="xacml:PolicyStatement"/>
                <attribute name="MajorVersion" type="integer" use="optional"/>
                <attribute name="MinorVersion" type="integer" use="optional"/>
                <attribute name="AssertionID" type="xs:anyURI" use="optional"/>
                <attribute name="Issuer" type="string" use="optional"/>
                <attribute name="IssueInstant" type="dateTime" use="optional"/>

And remove the "xs:extension base="saml:StatementAbstractType"
from PolicySetStatementType and PolicyStatementType.

Now, it is still very easy to map saml Assertions to XACML, it is
easier to ensure that when we use an xacml:AssertionType that it
is either a PolicySetStatement or a PolicyStatement, and it is no
longer necessary to support SAML.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC