OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SAML 2.0 Profile of XACML 2.0, Version 2, WD 2, 26 June 2006

I have submitted Working Draft 2 of the revised SAML 2.0 Profile to the 
document repository at 
It is also linked off the TC Home Page under "Work in Progess".

I. Description of changes from Working Draft 1:

- In response to comments from SAML and XML experts, this draft does not 
define new XACML elements for Statements, Assertions, Responses, or 
Advice.  Instead, it describes in detail and with examples exactly how 
to include instances of the new XACML extension types - 
XACMLAuthzDecisionStatementType and XACMLPolicyStatementType - in 
standard SAML elements.

- In response to comments from XACML TC members, the name of the profile 
has been changed from "SAML 2.0 Profile of XACML 2.1" to "SAML 2.0 
Profile of XACML 2.0, Version 2".  TC members objected to "2.1" since 
this is still a profile of XACML 2.0.  File and schema names have been 
changed accordingly.

- In response to comments from users of the previous profile, this draft 
describes use of the standard SAML "ID" XML attribute in the new 
XACMLAuthzDecisionQuery and XACMLPolicyQuery elements, and the standard 
SAML "InResponseTo" XML attribute in the standard SAML Response element 
as a way of correlating responses with requests.

II. Description of changes from "SAML 2.0 Profile of XACML 2.0" OASIS 
Standard carried over from Working Draft 1 and Errata:

- In XACMLAuthzDecisionStatementType, change "ReturnResponse" to 
"ReturnContext" in the description

- In the description of Authorization Decisions, change "in the Response 
to an <XACMLAuthzDecisionStatement>" to "in the Response to an 

- Allow an XACMLAuthzDecisionQuery to include an XACML Policy or 
PolicySet for use in evaluating that query only.

In both schemas:

- Change targetNamespace value from 
"urn:oasis:xacml:2.0:saml:assertion[protocol]:schema:os" to 
[":v2:" added in WD 2]

- Change xmlns:xs="http://www.23.org/2001/XMLSchema"; to 

- Remove "xs:" qualifier before names defined in XML Schema.  For 
example "<xs:complexType>" becomes just "<complexType>"

In Assertion schema:

- Omit xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" and 
corresponding import namespace, since SAML protocol schema is not referenced

- Define 
[":v2:" added in WD 2]

- Change schemaLocation for imported SAML namespace from 
"http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security"; to 

- In definition of XACMLPolicyStatementType, change 
base="samlp:StatementAbstractType" to base="saml:StatementAbstractType"

In Protocol schema:

- Define 

- Add <import 

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]