Subject: Comments on SAML 2.0 Profile of XACML, Version 2, Working Draft 4, 15 June 2007
Colleagues,

I have submitted Working Draft 4 of the SAML 2.0 Profile of XACML, Version 2. The XACML TC Home Page "Work in Progress" section has been updated to link to this new draft.

I will be on vacation until 28 June 2007, so will not be able to respond to comments until then. This is the last SAML Profile Working Draft that I will be editing, so we need a volunteer to take this on - I believe almost all of the work has now been done; there are only two open issues, and some additions to the Holders element that Erik will be providing.

Why are we doing a "Version 2" of this Profile?

Version 2 fixes the various errors that have been discovered in the OASIS Standard version that was approved in February 2005. It includes a much better description of how to use the new types with standard SAML elements, since this has been very confusing to implementers. It includes support for XACML 3.0 Administrative Policy, adds the ability to pass policies with the XACMLAuthzDecisionQuery (with or without XACML 3.0 Administrative Policy), and makes a first pass at defining SAML Metadata.

Version 2 is also designed to work with any version of XACML, so there are separate versions of the schemas for use with XACML 1.0, 1.1, 2.0, and 3.0. Only the 3.0 schema versions, however, have the types and elements that require XACML 3.0 Administrative Policy support.

The following changes have been made since Working Draft 3:

- throughout: used actual schema elements rather than invented names except when speaking about instances embedded in other instances (e.g. rather than SAML Attribute, but SAML Attribute Response rather than ).
- throughout: changed SHALL to MUST
- throughout: added namespace designators to schema items and added additional namespace prefixes to list in Section 1.4
- Figure 1: updated the “Components and messages” diagram to use same names as text
- 2.1.1 Clarified that implementations need not create actual instances so long as PDP can obtain corresponding values as if such instances existed.
- 2.1.1 Reworded description of NotBefore, NotOnOrAfter relationship to XACML date/time Attributes to be more clear
- 3.4,7,B.1 Inserted non-normative notes referring to open issues in relevant places
- 3.4,4.1 Clarified that the ReferencedPolicies element need not contain policies that receiver is not authorized to view
- 3.9 Clarified that Policy[Set]IdReference values must exactly match corresponding Policy[Set]Id values in the ReferencedPolicies element.
- 3.7 Changed “AttributeMatch” to “Match” to fit 3.0 schema
- 3.9,schemas: Fixed schema for ReferencedPolicies so it validates
- 3.4,4.1 Reworded AssignedAttributes and XACMLAuthzDecisionQuery Policy[Set] descriptions to clarify that the values must not be used except with the given Request “unless associated with the ... independently of the Request”
- 4.1,4.2 Add ReferencedPolicies element to XACMLPolicyStatementType
- 4.6 Reworded so as to allow Response that is not issued in response to a specific Query
- 7 Added first draft of SAML Metadata
- 8 Added urn for SAML Metadata functionality

Regards,
Anne

--
Anne H. Anderson, Sun Microsystems Laboratories
1 Network Drive,UBUR02-311, Burlington, MA 01803-0902 USA
Tel: 781/442-0928 Fax: 781/442-1692
Email: Anne.Anderson@Sun.COM until mid-August 2007
Email: Anne.Anderson@alum.swarthmore.edu after mid-August 2007

--- Begin Message ---
- From: Anne.Anderson@sun.com
- To: xacml@lists.oasis-open.org
- Date: Fri, 15 Jun 2007 21:19:09 +0000

The document named SAML 2.0 Profile of XACML, Version 2, Working Draft 4, 15 June 2007 (xacml-profile-saml2.0-v2-wd-4.zip) has been submitted by Anne Anderson to the OASIS eXtensible Access Control Markup Language (XACML) TC document repository.

Document Description:
This is a revision and extension of the SAML 2.0 Profile of XACML 2.0 that became an OASIS Standard in February 2005. This revision corrects errors that have been found in the February 2005 Standard and adds additional functionality, primarily related to XACML 3.0 Administrative Policy.

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=24389

Download Document:
http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/24389/xacml-profile-saml2.0-v2-wd-4.zip

PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser.

-OASIS Open Administration
--- End Message ---