Subject: Re: [security-services] FW: Invalid XSDs in SAML 2.0 profile of XACML
Hi Prateek,

I sent the attached reply to Hal and lists earlier, but not sure how far it got because I was not authorized for all the lists.

Thanks,
Rich

Prateek Mishra wrote:
> This sounds to me like a XACML issue - I am resending the email to the
> XACML list.
>
> Rich, did we run across this in the interop - or did we just use the
> new draft that Anne had prepared?
>
> - prateek
>
>
>> -----Original Message-----
>> From: Rüdiger Gartmann [mailto:ruediger.gartmann@uni-muenster.de]
>> Sent: Wednesday, August 29, 2007 12:33 PM
>> To: Hal Lockhart
>> Subject: Invalid XSDs in SAML 2.0 profile of XACML
>> Hal,
>>
>> I hope you are the right person to address, at least you may know the
>> right person...
>>
>> Trying to implement the SAML 2.0 profile of XACML v2.0 (see
>> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf)
>> we found out that the XSDs which are provided on the OASIS web site
>> (http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd
>> and
>> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd)
>> are invalid. They include a couple of typos, missing namespace
>> declarations, etc. I attached two revised versions to this mail which
>> validate correctly.
>>
>> I am wondering if nobody had the same problems, especially since this
>> standard was released in 2005 (and the drafts had been out even
>> earlier, including the same errors).
>>
>> Maybe you can send me some feedback if I did anything wrong or what
>> the reason for these errors is.
>>
>> Best regards,
>> Rüdiger
>>
>> P.S.: I am using XMLSpy 2007...
>>
>> ------------------------------------------------------------------------
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <schema xmlns="http://www.w3.org/2001/XMLSchema"
>>     xmlns:xacmlsaml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
>>     xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>     xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>>     xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>     targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
>>     elementFormDefault="unqualified" attributeFormDefault="unqualified"
>>     blockDefault="substitution" version="2.0">
>>   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
>>
>>   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
>>
>>   <import
>>       namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
>>
>>   <import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
>>
>>   <annotation>
>>     <documentation>
>>       Document identifier:
>>       access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
>>       Location:
>>       http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
>>
>>     </documentation>
>>   </annotation>
>>   <!-- -->
>>   <element name="XACMLAuthzDecisionStatement"
>>       type="xacmlsaml:XACMLAuthzDecisionStatementType"/>
>>   <complexType name="XACMLAuthzDecisionStatementType">
>>     <complexContent>
>>       <extension base="saml:StatementAbstractType">
>>         <sequence>
>>           <element ref="xacml-context:Response"/>
>>           <element ref="xacml-context:Request" minOccurs="0"/>
>>         </sequence>
>>       </extension>
>>     </complexContent>
>>   </complexType>
>>   <!-- -->
>>   <element name="XACMLPolicyStatement"
>>       type="xacmlsaml:XACMLPolicyStatementType"/>
>>   <complexType name="XACMLPolicyStatementType">
>>     <complexContent>
>>       <extension base="saml:StatementAbstractType">
>>         <choice minOccurs="0" maxOccurs="unbounded">
>>           <element ref="xacml:Policy"/>
>>           <element ref="xacml:PolicySet"/>
>>         </choice>
>>       </extension>
>>     </complexContent>
>>   </complexType>
>> </schema>
>>
>> ------------------------------------------------------------------------
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <schema
>>     targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>>     xmlns:xacmlsamlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
>>     xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>     xmlns="http://www.w3.org/2001/XMLSchema"
>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>     xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>>     xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>     elementFormDefault="unqualified"
>>     attributeFormDefault="unqualified"
>>     blockDefault="substitution"
>>     version="2.0">
>>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
>>
>>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"/>
>>
>>   <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
>>
>>       schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"/>
>>
>>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>>
>>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"/>
>>
>>   <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>
>>       schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
>>
>>   <xs:annotation>
>>     <xs:documentation>
>>       Document identifier:
>>       access_control-xacml-2.0-saml-protocol-schema-os.xsd
>>       Location:
>>       http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
>>
>>     </xs:documentation>
>>   </xs:annotation>
>>   <!-- -->
>>   <xs:element name="XACMLAuthzDecisionQuery"
>>       type="xacmlsamlp:XACMLAuthzDecisionQueryType"/>
>>   <xs:complexType name="XACMLAuthzDecisionQueryType">
>>     <xs:complexContent>
>>       <xs:extension base="samlp:RequestAbstractType">
>>         <xs:sequence>
>>           <xs:element ref="xacml-context:Request"/>
>>         </xs:sequence>
>>         <xs:attribute name="InputContextOnly"
>>             type="boolean"
>>             use="optional"
>>             default="false"/>
>>         <xs:attribute name="ReturnContext"
>>             type="boolean"
>>             use="optional"
>>             default="false"/>
>>       </xs:extension>
>>     </xs:complexContent>
>>   </xs:complexType>
>>   <!-- -->
>>   <xs:element name="XACMLPolicyQuery"
>>       type="xacmlsamlp:XACMLPolicyQueryType"/>
>>   <xs:complexType name="XACMLPolicyQueryType">
>>     <xs:complexContent>
>>       <xs:extension base="samlp:RequestAbstractType">
>>         <xs:choice minOccurs="0" maxOccurs="unbounded">
>>           <xs:element ref="xacml-context:Request"/>
>>           <xs:element ref="xacml:Target"/>
>>           <xs:element ref="xacml:PolicySetIdReference"/>
>>           <xs:element ref="xacml:PolicyIdReference"/>
>>         </xs:choice>
>>       </xs:extension>
>>     </xs:complexContent>
>>   </xs:complexType>
>> </schema>
>>
>
--- Begin Message ---
- From: Rich Levinson <rich.levinson@oracle.com>
- To: Hal Lockhart <hlockhar@bea.com>
- Date: Tue, 18 Sep 2007 11:29:49 -0400
Hal,

I expect that Rudiger should be using the .xsd's from the SAML 2.0 profile for XACML Errata:

http://www.oasis-open.org/committees/download.php/11474/access_control-xacml-2.0-saml-assertion-schema-os.xsd
http://www.oasis-open.org/committees/download.php/11475/access_control-xacml-2.0-saml-protocol-schema-os.xsd

as well as the errata spec:

http://www.oasis-open.org/committees/download.php/15447/xacml-2.0-saml-errata-wd.zip

Note: the above .zip contains the correct schema.

The XACML TC home page should probably be updated to make this easier for people to obtain.

Thanks,
Rich

Hal Lockhart wrote:
> -----Original Message-----
> From: Rüdiger Gartmann [mailto:ruediger.gartmann@uni-muenster.de]
> Sent: Wednesday, August 29, 2007 12:33 PM
> To: Hal Lockhart
> Subject: Invalid XSDs in SAML 2.0 profile of XACML
>
> Hal,
>
> I hope you are the right person to address, at least you may know the
> right person...
>
> Trying to implement the SAML 2.0 profile of XACML v2.0 (see
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf)
> we found out that the XSDs which are provided on the OASIS web site
> (http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd
> and
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd)
> are invalid. They include a couple of typos, missing namespace
> declarations, etc. I attached two revised versions to this mail which
> validate correctly.
>
> I am wondering if nobody had the same problems, especially since this
> standard was released in 2005 (and the drafts had been out even earlier,
> including the same errors).
>
> Maybe you can send me some feedback if I did anything wrong or what the
> reason for these errors is.
>
> Best regards,
> Rüdiger
>
> P.S.: I am using XMLSpy 2007...
>
--- End Message ---
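
Added example (not part of the original messages or of the OASIS schemas): one way to catch the class of defect reported in this thread, QName references whose prefix is never declared or whose namespace is never imported, before a schema is used to validate SAML/XACML messages. The function name check_schema and both sample schemas are constructed for illustration; the broken variant does not reproduce the actual errors in the published files.

```python
import io
import xml.etree.ElementTree as ET

XSD = "http://www.w3.org/2001/XMLSchema"
QNAME_ATTRS = ("type", "base", "ref")  # schema attributes whose values are QNames

def check_schema(xsd_text):
    """Report QNames with an unresolvable prefix or a namespace lacking <import>."""
    in_scope, refs, imported, target = [], [], set(), None
    source = io.BytesIO(xsd_text.encode("utf-8"))
    for event, item in ET.iterparse(source, ("start-ns", "end-ns", "start")):
        if event == "start-ns":
            in_scope.append(item)          # (prefix, uri); "" is the default namespace
        elif event == "end-ns":
            in_scope.pop()
        elif item.tag == f"{{{XSD}}}schema":
            target = item.get("targetNamespace")
        elif item.tag == f"{{{XSD}}}import":
            imported.add(item.get("namespace"))
        elif item.tag.startswith(f"{{{XSD}}}"):
            scope = dict(in_scope)         # inner declarations override outer ones
            for attr in QNAME_ATTRS:
                if attr in item.attrib:
                    prefix = item.get(attr).rpartition(":")[0]
                    refs.append((item.get(attr), scope.get(prefix)))
    problems = []
    for qname, uri in refs:                # checked after parsing, so import order is irrelevant
        if uri is None:
            problems.append(f"cannot resolve prefix in {qname!r}")
        elif uri not in (XSD, target) and uri not in imported:
            problems.append(f"{qname!r} uses {uri} without <import>")
    return problems

# Constructed samples: GOOD is abridged from the revised protocol schema quoted
# above; BROKEN drops one prefix declaration and one import from it.
GOOD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
  xmlns="http://www.w3.org/2001/XMLSchema"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
  targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os">
 <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"/>
 <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"/>
 <xs:complexType name="XACMLAuthzDecisionQueryType"><xs:complexContent>
  <xs:extension base="samlp:RequestAbstractType">
   <xs:sequence><xs:element ref="xacml-context:Request"/></xs:sequence>
   <xs:attribute name="ReturnContext" type="boolean" default="false"/>
  </xs:extension></xs:complexContent></xs:complexType>
</xs:schema>"""
BROKEN = GOOD.replace('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"', "").replace(
    '<xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"/>', "")
```

An XML parser accepts BROKEN as well-formed because prefixes inside attribute values are only resolved by a schema processor, which is why such defects surface only when a validating tool loads the schema.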