Subject: [Fwd: [xacml-users] SAML statement extension for XACML]
XML experts:

Is a substitutionGroup actually needed in order for instances of XACMLAuthzDecisionStatement and XACMLPolicyStatement to be included in a SAML Assertion? Both are defined as extensions of SAML StatementAbstractType, which is "abstract". SAML Assertion includes Statement as one of the inclusion choices, and Statement is also defined as type StatementAbstractType, but it does indeed seem that this does not allow something else that is StatementAbstractType to be included in an Assertion.

Do we need to get the SSTC to define a SAML substitutionGroup for Statement? It was certainly their intention to allow us to define such extensions. I have forwarded this to Eve Maler.

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
--- Begin Message ---
- From: Frederic Deleon <frederic.deleon@crf.canon.fr>
- To: xacml-users@lists.oasis-open.org
- Date: Fri, 23 Sep 2005 17:42:32 +0200
Hello,

Specification of SAML 2.0 profile of XACML defines XACMLPolicyStatement and XACMLAuthzDecisionStatement whose types are extensions of SAML StatementAbstractType element. It says that these statements should be placed in SAML Assertion elements (themselves placed inside SAML Response elements). As extended type from Statement I suppose.

However, XACMLPolicyStatement and XACMLAuthzDecisionStatement are not defined as possible substitutions for Statement, as there is no "substitutionGroup" attribute in the XML schema, and substitutions are blocked anyway by blockDefault="substitution" in both schemas (SAML and XACML-SAML profile).

So, it seems that putting XACMLPolicyStatement and XACMLAuthzDecisionStatement in SAML assertions is not correct according to schemas.

What is your opinion on this? Is the schema of the SAML extension for the XACML profile normative?

Thanks in advance,
Sincerely
Frédéric Deléon
--- End Message ---
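The schema situation discussed in this thread, as an added example that is not part of either message and not taken from the SAML or XACML profile schemas: a constructed miniature schema with an abstract StatementAbstractType, a Statement element, blockDefault="substitution" and a derived type with no substitutionGroup, validated with the third-party lxml library. The namespace urn:example:mini and the names DecisionStatementType, DecisionStatement and check are assumptions; the example goes one step beyond the messages by also validating a Statement element that carries xsi:type.

```python
from lxml import etree  # third-party dependency (pip install lxml)

NS = "urn:example:mini"  # constructed namespace, not the SAML one
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Constructed miniature schema mirroring the shape described in the thread.
XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:m="urn:example:mini" targetNamespace="urn:example:mini"
    elementFormDefault="qualified" blockDefault="substitution">
  <xs:complexType name="StatementAbstractType" abstract="true"/>
  <xs:element name="Statement" type="m:StatementAbstractType"/>
  <xs:complexType name="DecisionStatementType">
    <xs:complexContent><xs:extension base="m:StatementAbstractType">
      <xs:sequence><xs:element name="Decision" type="xs:string"/></xs:sequence>
    </xs:extension></xs:complexContent>
  </xs:complexType>
  <xs:element name="DecisionStatement" type="m:DecisionStatementType"/>
  <xs:element name="Assertion">
    <xs:complexType><xs:choice maxOccurs="unbounded">
      <xs:element ref="m:Statement"/>
    </xs:choice></xs:complexType>
  </xs:element>
</xs:schema>"""
SCHEMA = etree.XMLSchema(etree.fromstring(XSD))

BODY = "<m:Decision>Permit</m:Decision>"
# Derived-type element placed directly in the Assertion (no substitutionGroup).
DIRECT = "<m:DecisionStatement>" + BODY + "</m:DecisionStatement>"
# Statement element whose actual type is named with xsi:type.
TYPED = '<m:Statement xsi:type="m:DecisionStatementType">' + BODY + "</m:Statement>"
# Statement element left at its declared abstract type.
BARE = "<m:Statement/>"

def check(statement_xml):
    """Validate one constructed Assertion; return (is_valid, first error or '')."""
    doc = etree.fromstring(
        '<m:Assertion xmlns:m="%s" xmlns:xsi="%s">%s</m:Assertion>'
        % (NS, XSI, statement_xml))
    ok = SCHEMA.validate(doc)
    message = "" if ok else SCHEMA.error_log[0].message
    return ok, message

if __name__ == "__main__":
    for label, xml in (("direct", DIRECT), ("xsi:type", TYPED), ("bare", BARE)):
        ok, message = check(xml)
        print(label, "valid" if ok else "invalid: " + message)
```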