Subject: SAML 2.0 Profile of XACML 2.0, Version 2, WD 2, 26 June 2006


I have submitted Working Draft 2 of the revised SAML 2.0 Profile to the 
document repository at 
http://www.oasis-open.org/committees/download.php/18921/xacml-2.0-profile-saml2.0-v2-wd-2.zip
It is also linked off the TC Home Page under "Work in Progress".

I. Description of changes from Working Draft 1:

- In response to comments from SAML and XML experts, this draft does not 
define new XACML elements for Statements, Assertions, Responses, or 
Advice.  Instead, it describes in detail and with examples exactly how 
to include instances of the new XACML extension types - 
XACMLAuthzDecisionStatementType and XACMLPolicyStatementType - in 
standard SAML elements.

- In response to comments from XACML TC members, the name of the profile 
has been changed from "SAML 2.0 Profile of XACML 2.1" to "SAML 2.0 
Profile of XACML 2.0, Version 2".  TC members objected to "2.1" since 
this is still a profile of XACML 2.0.  File and schema names have been 
changed accordingly.

- In response to comments from users of the previous profile, this draft 
describes use of the standard SAML "ID" XML attribute in the new 
XACMLAuthzDecisionQuery and XACMLPolicyQuery elements, and the standard 
SAML "InResponseTo" XML attribute in the standard SAML Response element 
as a way of correlating responses with requests.

II. Description of changes from "SAML 2.0 Profile of XACML 2.0" OASIS 
Standard carried over from Working Draft 1 and Errata:

- In XACMLAuthzDecisionStatementType, change "ReturnResponse" to 
"ReturnContext" in the description

- In the description of Authorization Decisions, change "in the Response 
to an <XACMLAuthzDecisionStatement>" to "in the Response to an 
<XACMLAuthzQuery>".

- Allow an XACMLAuthzDecisionQuery to include an XACML Policy or 
PolicySet for use in evaluating that query only.

In both schemas:

- Change targetNamespace value from 
"urn:oasis:xacml:2.0:saml:assertion[protocol]:schema:os" to 
"urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion[protocol]" 
[":v2:" added in WD 2]

- Change xmlns:xs="http://www.23.org/2001/XMLSchema" to 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

- Remove "xs:" qualifier before names defined in XML Schema.  For 
example "<xs:complexType>" becomes just "<complexType>"

In Assertion schema:

- Omit xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" and 
corresponding import namespace, since SAML protocol schema is not referenced

- Define 
xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion" 
[":v2:" added in WD 2]

- Change schemaLocation for imported SAML namespace from 
"http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security" to 
"http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"

- In definition of XACMLPolicyStatementType, change 
base="samlp:StatementAbstractType" to base="saml:StatementAbstractType"

In Protocol schema:

- Define 
xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion" 
and 
xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"

- Add <import 
namespace="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion" 
schemaLocation="http://docs.oasis-open.org/xacml/2.0/xacml-2.0-profile-saml2.0-v2-schema-assertion-wd-2.xsd" 
/>

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive, UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
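As an added example (not part of the message above, nor code from the XACML TC), the following shows how a PEP-side consumer can use the SAML "ID" / "InResponseTo" correlation the draft describes and pull the decision out of a standard saml:Statement that carries the XACMLAuthzDecisionStatementType extension type. The sample query and response are constructed here, and the use of xsi:type on saml:Statement to name the extension type is an assumption about the draft's approach.

```python
import io
import xml.etree.ElementTree as ET
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XACML_CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
# Namespace URIs as listed in WD 2 (":v2:" added in this draft).
XACML_SAML = "urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
XACML_SAMLP = "urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"

# Constructed query carrying the SAML "ID" attribute the draft describes.
QUERY = f"""<xacml-samlp:XACMLAuthzDecisionQuery xmlns:xacml-samlp="{XACML_SAMLP}"
    xmlns:xacml-context="{XACML_CTX}" ID="q-0001" Version="2.0"
    IssueInstant="2006-06-26T10:00:00Z">
  <xacml-context:Request/>
</xacml-samlp:XACMLAuthzDecisionQuery>"""

# Constructed response: standard samlp:Response / saml:Assertion / saml:Statement;
# the statement's xsi:type names the XACML extension type (assumed usage).
RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    xmlns:xsi="{XSI}" xmlns:xacml-saml="{XACML_SAML}" xmlns:xacml-context="{XACML_CTX}"
    ID="r-9001" InResponseTo="q-0001" Version="2.0" IssueInstant="2006-06-26T10:00:01Z">
  <saml:Assertion ID="a-1" Version="2.0" IssueInstant="2006-06-26T10:00:01Z">
    <saml:Issuer>pdp.example</saml:Issuer>
    <saml:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
      <xacml-context:Response><xacml-context:Result>
        <xacml-context:Decision>Permit</xacml-context:Decision>
      </xacml-context:Result></xacml-context:Response>
    </saml:Statement>
  </saml:Assertion>
</samlp:Response>"""

def namespace_bindings(xml_text):
    """Prefix -> URI bindings declared anywhere in the document (flat scoping)."""
    events = ET.iterparse(io.StringIO(xml_text), events=("start-ns",))
    return {prefix: uri for _, (prefix, uri) in events}

def correlated_decision(query_xml, response_xml):
    """Return the XACML Decision only if the Response answers this query; None if
    InResponseTo does not match the query ID or no XACML decision statement exists."""
    query, resp = ET.fromstring(query_xml), ET.fromstring(response_xml)
    if resp.tag != f"{{{SAMLP}}}Response" or resp.get("InResponseTo") != query.get("ID"):
        return None  # answers a different query (or none): do not act on it
    ns = namespace_bindings(response_xml)
    for stmt in resp.iter(f"{{{SAML}}}Statement"):
        prefix, _, local = stmt.get(f"{{{XSI}}}type", "").rpartition(":")
        if ns.get(prefix) == XACML_SAML and local == "XACMLAuthzDecisionStatementType":
            dec = stmt.find(f".//{{{XACML_CTX}}}Decision")
            return dec.text if dec is not None else None
    return None
```

Signature validation of the Assertion is deliberately out of scope here; in deployment the correlation check runs alongside it, not instead of it.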