OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
Back to discussions
Expand all | Collapse all

Re: [xacml] [schema] replacement for SAML AssertionType

  • 1.  Re: [xacml] [schema] replacement for SAML AssertionType

    Posted 07-23-2002 15:34 
     MHonArc v2.5.2 -->


















    xacml message
    







    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    







    Subject: Re: [xacml] [schema] replacement for SAML AssertionType
    







    



    
I'll agree with this assesment.
-Polar

On Tue, 23 Jul 2002, Anne Anderson wrote:

> For people operating in an X.509 Attribute Certificate
> environment, or supporting some kind of assertion format other
> than saml, it would be nice if XACML did not force people to
> support SAML.  Currently, we have the following saml artifacts:
>
>  - PolicySetAssertion and PolicyAssertion in PolicySetType are of type
>    saml:AssertionType
>
>  - PolicySetStatementType extends saml:StatementAbstractType
>  - PolicyStatementType extends saml:StatementAbstractType
>
> Why not define XACML:AssertionType as follows:
>
>         <complexType name="AssertionType">
>                 <sequence>
>                                 <element ref="xacml:PolicySetStatement"/>
>                                 <element ref="xacml:PolicyStatement"/>
>                 </sequence>
>                 <attribute name="MajorVersion" type="integer" use="optional"/>
>                 <attribute name="MinorVersion" type="integer" use="optional"/>
>                 <attribute name="AssertionID" type="xs:anyURI" use="optional"/>
>                 <attribute name="Issuer" type="string" use="optional"/>
>                 <attribute name="IssueInstant" type="dateTime" use="optional"/>
>         </complexType>
>
> And remove the "xs:extension base="saml:StatementAbstractType"
> from PolicySetStatementType and PolicyStatementType.
>
> Now, it is still very easy to map saml Assertions to XACML, it is
> easier to ensure that when we use an xacml:AssertionType that it
> is either a PolicySetStatement or a PolicyStatement, and it is no
> longer necessary to support SAML.
>
> Anne
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>


    





    







    


    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    
  

    


    







    Powered by eList eXpress LLC


Related Content