Subject: [Fwd: Re: Draft new version of the SAML 2.0 Profile of XACML 2.1]
Today seems to be my big day for TC mailings :-)

Attached are comments from Scott Cantor on the "SAML 2.0 Profile of XACML 2.1" that I mailed out on April 12 (http://www.oasis-open.org/committees/download.php/17672/xacml-2.1-profile-saml2.0-wd-1.zip).

Regards,
Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
--- Begin Message ---
- From: Scott Cantor <cantor.2@osu.edu>
- To: Anne.Anderson@sun.com
- Date: Wed, 19 Apr 2006 13:23:57 -0400
> I would appreciate any comments you have. Some of you have more
> experience using the SAML Profile of XACML than most of the XACML TC
> members, so your expertise will be appreciated.

I haven't gone through this in detail yet, but I would strongly urge some significant changes to the schemas. In particular, I think the heavy use of sequence extensions and replacement of SAML elements like Assertion and Advice are the wrong way to approach this kind of extension. It was the same mistake Liberty made originally, but with SAML 1.1 we didn't have the schema right to provide alternatives.

You have the basics all there correctly, new Statement types, new Request and Response message types, etc. But that's all you should need to do. The core Assertion and Advice elements are already extensible to include new statement and advice content, and I think it would be a mistake to force these XACML elements to the end of those sequences, or to replace elements like Assertion with your own. That makes life much harder for SAML applications.

It is the case that statement extensions can't natively appear in element form because we got rid of substitution, but that's still the proper way to embed a new statement type:

    <saml:Statement xsi:type="xacml-saml:XACMLStatementType">

With Advice, you don't need anything special, because the choice already includes <any namespace="#other"> in the sequence, so your advice element can appear. But since I'm suggesting you don't want or need an XACMLAssertion element either, you don't really have any need for anything new in Advice anyway, since Assertions can already appear there.

-- Scott
--- End Message ---
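The `xsi:type` embedding described in the message, seen from the consuming side, as an added example that is not part of the original message or of the profile: a SAML application has to resolve the prefix in the `xsi:type` value against the namespace declarations in scope, because the prefix string alone identifies nothing. The namespace `urn:example:xacml-saml`, the sample assertions and the function names are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XACML_SAML = "urn:example:xacml-saml"  # placeholder, not the profile's real URI

# Constructed sample: one statement directly in the Assertion, one in an
# Assertion nested inside saml:Advice that uses a different prefix.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:xsi="{XSI}"
    xmlns:xacml-saml="{XACML_SAML}"
    ID="_a1" Version="2.0" IssueInstant="2006-04-19T17:23:57Z">
  <saml:Issuer>https://pdp.example.org</saml:Issuer>
  <saml:Advice>
    <saml:Assertion xmlns:x="{XACML_SAML}"
        ID="_a2" Version="2.0" IssueInstant="2006-04-19T17:23:57Z">
      <saml:Issuer>https://pap.example.org</saml:Issuer>
      <saml:Statement xsi:type="x:XACMLStatementType"/>
    </saml:Assertion>
  </saml:Advice>
  <saml:Statement xsi:type="xacml-saml:XACMLStatementType"/>
</saml:Assertion>""".encode()

# Same prefix string, bound to a different namespace: must not match.
REBOUND = SAMPLE.replace(f'xmlns:xacml-saml="{XACML_SAML}"'.encode(),
                         b'xmlns:xacml-saml="urn:example:other"')

def statement_types(xml_bytes):
    """Return the resolved (namespace URI, local name) of xsi:type for
    every saml:Statement, in document order."""
    scopes, pending, found = [{}], {}, []
    events = ("start-ns", "start", "end")
    for event, obj in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":          # declarations precede their element
            pending[obj[0]] = obj[1]
        elif event == "start":
            scopes.append({**scopes[-1], **pending})
            pending = {}
            if obj.tag == f"{{{SAML}}}Statement":
                prefix, _, local = obj.get(f"{{{XSI}}}type", "").rpartition(":")
                found.append((scopes[-1].get(prefix), local))
        else:                            # "end": leave this element's scope
            scopes.pop()
    return found

def is_xacml_statement(resolved):
    return resolved == (XACML_SAML, "XACMLStatementType")
```

In `REBOUND` the top-level statement still reads `xacml-saml:XACMLStatementType`, yet it resolves to a different namespace and is not accepted as the XACML statement type.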