To XACML TC:
This issue has now been addressed and the current schemas and examples
appear to be working properly. After further discussion with Anne and
the OASIS technical staff, it was decided that the OASIS staff would
put
links in the "/xacml" directory to the 2 .xsd files in the "/xacml/2.0"
directory.
(see email copied below)
I have tested it and it appears to work fine. We will still need to
decide what
to do about issue #69, but I am not sure if what has been done doesn't
in fact
represent a reasonable solution, assuming everything remains permanent.
However, the TC can discuss that in future meetings. For now, at least,
I think it will meet our needs thru the Interop.
Thanks,
Rich
Original Message --------
Rich,
I created two symlinks to yield resources at these two URIs:
# http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd
# http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd
Can you confirm that this resolves the issue for you?
Thanks,
Robin
Anne Anderson - Sun Microsystems wrote:
Original Message --------
Rich, we can't
just do that. That is the approved XACML 2.0 OASIS Standard, like it
or not. We plan to fix it as errata, but that is not exactly a
lightweight process itself.
The link was right when XACML 2.0 was approved - OASIS changed the
structure of their directories afterwards, and that is when it broke.
Given that it was an OASIS process change that broke it, perhaps you
can persuade the OASIS powers that be to let us change it without going
through the errata approval process. The other alternative, possibly
easier, is to convince them to store a copy of it in the old location
at
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd
-Anne
Rich Levinson wrote:
Hi Anne,
That .zip file just contains the .doc, .pdf, .odt for the XACML 2.0
core spec.
My main concern is that what exists now does not work. My suggestion is
that we simply insert the "/2.0" in the context spec:
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd
i.e replace:
<xs:import
namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*"
schemaLocation="*http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd*"
/>
with
<xs:import
namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*"
schemaLocation="*http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd*"
/>
^^^^
in the document that is posted there now.
The problem is that the first thing users find is that the path is not
correct.
Ok, fixing the path in the local xml files is not a big problem and it
is
something the customer can control.
But then they also find if they reference the context doc that it,
itself,
has a bad ref that they can't do anything about. This will be major
inconvenience. *In particular, I am doing work for the Interop and
don't know what to do to address this problem.*
Again, my recommendation is that we put the quick fix in the context
file so that people can actually use things from the web site.
Thanks,
Rich
Anne Anderson wrote:
Existing Issue#69. I haven't checked, but
it may also be fixed in the schema included in the XACML 2.0 Errata at
http://www.oasis-open.org/committees/download.php/19135/access_control-xacml-2.0-core-spec-os-errata.zip
Regards,
Anne
Rich Levinson wrote:
I have been trying to validate some
messages and appear to have
uncovered a problem with the xacml 2.0 schemas.
On the web site the schema locations are:
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd
and
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd
However, the context schema has a pointer to the policy schema that
says:
<xs:import
namespace="*urn:oasis:names:tc:xacml:2.0:policy:schema:os*"
schemaLocation="*http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd*"
/>
Note /xacml/ is not followed by "2.0" as it is in the actual locations
above,
which causes the schema file not to be found on validate.
This also shows up in what appears to be all the sample messages.
Please advise.
Thanks,
Rich