OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] ISSUE: xacml 2.0 schema location (relates to issue#69:)appears to have moved, possibly invalidating schemas


This issue has now been addressed and the current schemas and examples
appear to be working properly. After further discussion with Anne and
the OASIS technical staff, it was decided that the OASIS staff would put
links in the "/xacml" directory to the 2 .xsd files in the "/xacml/2.0" directory.
(see email copied below)

I have tested it and it appears to work fine. We will still need to decide what
to do about issue #69, but I am not sure if what has been done doesn't in fact
represent a reasonable solution, assuming everything remains permanent.
However, the TC can discuss that in future meetings. For now, at least,
I think it will meet our needs thru the Interop.


-------- Original Message --------
Subject: Re: [Fwd: Re: [xacml] ISSUE: xacml 2.0 schema location appears to have moved, possibly invalidating schemas]
Date: Wed, 16 May 2007 11:41:35 -0400 (EDT)
From: Robin Cover <robin@oasis-open.org>
To: Rich Levinson <rich.levinson@oracle.com>
CC: Anne.Anderson@sun.com, Robin Cover <robin.cover@oasis-open.org>, Mary McRae <mary.mcrae@oasis-open.org>, webmaster@oasis-open.org
References: <464A0101.2070606@Sun.COM> <Pine.LNX.4.58.0705151604340.20414@dev.oasis-open.org> <464A2196.5090704@Sun.COM> <464A2D80.7080103@oracle.com> <464A4D54.5010100@Sun.COM> <464A5CF9.3020008@oracle.com>


I created two symlinks to yield resources at these two URIs:

# http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd
# http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd

Can you confirm that this resolves the issue for you?



Anne Anderson - Sun Microsystems wrote:

-------- Original Message --------
Subject: Re: [xacml] ISSUE: xacml 2.0 schema location appears to have moved, possibly invalidating schemas
Date: Tue, 15 May 2007 12:42:56 -0400
From: Anne Anderson - Sun Microsystems <Anne.Anderson@sun.com>
Organization: Sun Microsystems, Inc.
To: Rich Levinson <rich.levinson@oracle.com>
CC: xacml <xacml@lists.oasis-open.org>
References: 46490F0D.6050706@oracle.com"><46490F0D.6050706@oracle.com> 464996C2.6000004@Sun.COM"><464996C2.6000004@Sun.COM> 4649DA3F.1050602@oracle.com"><4649DA3F.1050602@oracle.com>

Rich, we can't just do that.  That is the approved XACML 2.0 OASIS Standard, like it or not.  We plan to fix it as errata, but that is not exactly a lightweight process itself.

The link was right when XACML 2.0 was approved - OASIS changed the structure of their directories afterwards, and that is when it broke.

Given that it was an OASIS process change that broke it, perhaps you can persuade the OASIS powers that be to let us change it without going through the errata approval process.  The other alternative, possibly easier, is to convince them to store a copy of it in the old location at http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd


Rich Levinson wrote:
Hi Anne,

That .zip file just contains the .doc, .pdf, .odt for the XACML 2.0 core spec.

My main concern is that what exists now does not work. My suggestion is
that we simply insert the "/2.0" in the context spec:


i.e replace:

  <xs:import namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*" schemaLocation="*http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd*" />


  <xs:import namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*" schemaLocation="*http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd*" />

in the document that is posted there now.

The problem is that the first thing users find is that the path is not correct.
Ok, fixing the path in the local xml files is not a big problem and it is
something the customer can control.

But then they also find if they reference the context doc that it, itself,
has a bad ref that they can't do anything about. This will be major
inconvenience. *In particular, I am doing work for the Interop and
don't know what to do to address this problem.*

Again, my recommendation is that we put the quick fix in the context
file so that people can actually use things from the web site.


Anne Anderson wrote:

Existing Issue#69.  I haven't checked, but it may also be fixed in the schema included in the XACML 2.0 Errata at http://www.oasis-open.org/committees/download.php/19135/access_control-xacml-2.0-core-spec-os-errata.zip


Rich Levinson wrote:

I have been trying to validate some messages and appear to have
uncovered a problem with the xacml 2.0 schemas.

On the web site the schema locations are:


However, the context schema has a pointer to the policy schema that says:

 <xs:import namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*" schemaLocation="*http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd*" />

Note /xacml/ is not followed by "2.0" as it is in the actual locations above,
which causes the schema file not to be found on validate.

This also shows up in what appears to be all the sample messages.

Please advise.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]