Anne Thomas Manes a écrit :
Some comments on Jeff's recommendations...
On Nov 29, 2007 10:14 AM, Walker, Jeff <[EMAIL PROTECTED]> wrote:
Hi Fatima,
I don't know the exact answer, but I have a few recommendations.
1. Try reducing the wsdl down to importing just one schema, and get that to
work before attempting all of the others.
Always a smart idea.
2. Some of the schema files have a '1' at the end of their file extension, such
as *.xsd1 instead of *.xsd. This may be a problem, not sure.
Those were the namespace URIs, not the file names. They shouldn't be a problem.
3. You use the notation namespace="urn:oasis:names:tc:SAML:2.0:protocol" for namespaces.
Can you edit the schema files you import to use the more familiar http format, such as
namespace="http://oasis.names.tc.SAML2.0.protocol"; ? I know the other notation is
theoretically allowed, but many tools actually look up the schema using the http protocol, so the
xx:xx:xx notation may not resolve.
Not a problem. Besides, given that you're using a standard, you must
maintain the standard's namespace URIs. Any tool that uses a namespace
URI in place of the URL specified in the schemaLocation attribute is
broken.
4. The schemaLocation attribute ends up having a whitespace in it, where you assign
to it "C:\Documents and
Settings\Fatima\Bureau\svn\xacmlpolicytransfer\saml-schema-protocol-2.0.xsd".
Again, this may or may not be a problem but should probably be edited to remove the
whitespace. (That would mean moving the scjema file from the Documents and Settings
folder, of course).
This is almost certainly your problem.
5. Your defined prefix xmlns:tns points to an actual wsdl file? i.e.
xmlns:tns="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.wsdl";
This seems strange to me as well. Normally, I think it would be just a unique
namespace. (This may also not be a problem since its still possible to regard
this string as a unique name).
Not a problem. That's the same URI as the targetNamespace.
6. What is name="xacmlpolicytransfer" ??
That's the name of the WSDL. (an optional attribute in the
<wsdl:definitions> element)
Anne
-jeff
-----Original Message-----
From: Fátima Milla Olaya [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 29, 2007 6:15 AM
To: [email protected]
Subject: Problem with the imports in the WSDL
Hi, I want to import the schemas to my wsdl:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:import1="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:import2="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:tns="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.wsdl";
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsd1="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.xsd1";
name="xacmlpolicytransfer"
targetNamespace="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.wsdl";>
<wsdl:documentation
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";>Created using Cape Clear
Studio SOA Editor - http://www.capeclear.com</wsdl:documentation>
<wsdl:types>
<xsd:schema
targetNamespace="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.xsd1";
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsd1="http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.xsd1";>
<xsd:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="C:\Documents and
Settings\Fatima\Bureau\svn\xacmlpolicytransfer\saml-schema-protocol-2.0.xsd"/>
<xsd:import
namespace="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
schemaLocation="C:\Documents and
Settings\Fatima\Bureau\svn\xacmlpolicytransfer\xacml-2.0-profile-saml2.0-v2-schema-protocol-wd-5.xsd"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="Request">
<wsdl:part name="policyquery" element="import2:XACMLPolicyQuery"/>
</wsdl:message>
<wsdl:message name="Response">
<wsdl:part name="policystatement" element="import1:Response"/>
</wsdl:message>
<wsdl:portType name="xacmlpolicytransferPortType">
<wsdl:operation name="transfer">
<wsdl:input message="tns:Request"/>
<wsdl:output message="tns:Response"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="xacmlpolicytransferBinding"
type="tns:xacmlpolicytransferPortType">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="transfer">
<soap:operation
soapAction="capeconnect:xacmlpolicytransfer:xacmlpolicytransferPortType#transfer"/>
<wsdl:input>
<soap:body parts="policyquery" use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body parts="policystatement" use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="xacmlpolicytransfer">
<wsdl:port name="xacmlpolicytransferPort"
binding="tns:xacmlpolicytransferBinding">
<soap:address
location="http://localhost:8080/axis2/services/xacmlpolicytransfer"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
and I get this:
Warning : 1003 : WSDLException: faultCode=PARSER_ERROR: failed parsing
schemas into object model - failed loading import in schema
http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.xsd1
for namespace=urn:oasis:names:tc:SAML:2.0:protocol,
schemaLocation=C:\Documents and
Settings\Fatima\Bureau\svn\xacmlpolicytransfer\saml-schema-protocol-2.0.xsd:
failed loading import in schema
http://policytransfer.authorization.security.evidian.com/xacmlpolicytransfer.xsd1
for namespace=urn:oasis:names:tc:SAML:2.0:protocol,
schemaLocation=C:\Documents and
Settings\Fatima\Bureau\svn\xacmlpolicytransfer\saml-schema-protocol-2.0.xsd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hi, I can import the access_control-xacml-2.0-policy-schema-os.xsd with
or without whitespaces but I get the same problem with the
saml-schema-protocol-2.0.xsd I send to you the wsdl and the two schemas.
thanks for the answers.
*wsdl*
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:import1="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:import2="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:tns="http://evidian.com/security/authorization/xacmlpolicytransfer.wsdl";
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsd1="http://evidian.com/security/authorization/xacmlpolicytransfer.xsd1";
name="xacmlpolicytransfer"
targetNamespace="http://evidian.com/security/authorization/xacmlpolicytransfer.wsdl";>
<wsdl:documentation
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";>Created using Cape Clear
Studio SOA Editor - http://www.capeclear.com</wsdl:documentation>
<wsdl:types>
<xsd:schema
targetNamespace="http://evidian.com/security/authorization/xacmlpolicytransfer.xsd1";
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsd1="http://evidian.com/security/authorization/xacmlpolicytransfer.xsd1";>
<xsd:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="C:\xacmlpolicytransfer\saml-schema-protocol-2.0.xsd"/>
<xsd:import
namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
schemaLocation="C:\xacmlpolicytransfer\access_control-xacml-2.0-policy-schema-os.xsd"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="Response">
<wsdl:part name="response" element="import1:Response"/>
</wsdl:message>
<wsdl:message name="Request">
<wsdl:part name="policy" element="import2:PolicyIdReference"/>
</wsdl:message>
<wsdl:portType name="xacmlpolicytransferPortType">
<wsdl:operation name="transfer">
<wsdl:input message="tns:Request"/>
<wsdl:output message="tns:Response"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="xacmlpolicytransferBinding"
type="tns:xacmlpolicytransferPortType">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="transfer">
<soap:operation
soapAction="capeconnect:xacmlpolicytransfer:xacmlpolicytransferPortType#transfer"
style="document"/>
<wsdl:input>
<soap:body parts="policy" use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body parts="response" use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="xacmlpolicytransfer">
<wsdl:port name="xacmlpolicytransferPort"
binding="tns:xacmlpolicytransferBinding">
<soap:address
location="http://localhost:8000/ccx/xacmlpolicytransfer"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
*saml-schema-protocol-2.0.xsd*
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema";
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
elementFormDefault="unqualified" attributeFormDefault="unqualified"
blockDefault="substitution" version="2.0">
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/2000/09/xmldsig#";
schemaLocation="xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-protocol-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New protocol schema based in a SAML V2.0 namespace.
</documentation>
</annotation>
<complexType name="RequestAbstractType" abstract="true">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Extensions" type="samlp:ExtensionsType"/>
<complexType name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax"
maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="StatusResponseType">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
<element ref="samlp:Status"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
<sequence>
<element ref="samlp:StatusCode"/>
<element ref="samlp:StatusMessage" minOccurs="0"/>
<element ref="samlp:StatusDetail" minOccurs="0"/>
</sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
<sequence>
<element ref="samlp:StatusCode" minOccurs="0"/>
</sequence>
<attribute name="Value" type="anyURI" use="required"/>
</complexType>
<element name="StatusMessage" type="string"/>
<element name="StatusDetail" type="samlp:StatusDetailType"/>
<complexType name="StatusDetailType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
<complexType name="AssertionIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:AssertionIDRef"
maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
<complexType name="SubjectQueryAbstractType" abstract="true">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
<complexType name="AuthnQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="samlp:RequestedAuthnContext"
minOccurs="0"/>
</sequence>
<attribute name="SessionIndex" type="string"
use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="RequestedAuthnContext"
type="samlp:RequestedAuthnContextType"/>
<complexType name="RequestedAuthnContextType">
<choice>
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
</choice>
<attribute name="Comparison"
type="samlp:AuthnContextComparisonType" use="optional"/>
</complexType>
<simpleType name="AuthnContextComparisonType">
<restriction base="string">
<enumeration value="exact"/>
<enumeration value="minimum"/>
<enumeration value="maximum"/>
<enumeration value="better"/>
</restriction>
</simpleType>
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
<complexType name="AttributeQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Attribute" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
<complexType name="AuthzDecisionQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
<complexType name="AuthnRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="samlp:RequestedAuthnContext"
minOccurs="0"/>
<element ref="samlp:Scoping" minOccurs="0"/>
</sequence>
<attribute name="ForceAuthn" type="boolean" use="optional"/>
<attribute name="IsPassive" type="boolean" use="optional"/>
<attribute name="ProtocolBinding" type="anyURI"
use="optional"/>
<attribute name="AssertionConsumerServiceIndex"
type="unsignedShort" use="optional"/>
<attribute name="AssertionConsumerServiceURL"
type="anyURI" use="optional"/>
<attribute name="AttributeConsumingServiceIndex"
type="unsignedShort" use="optional"/>
<attribute name="ProviderName" type="string"
use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
<complexType name="NameIDPolicyType">
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
<attribute name="AllowCreate" type="boolean" use="optional"/>
</complexType>
<element name="Scoping" type="samlp:ScopingType"/>
<complexType name="ScopingType">
<sequence>
<element ref="samlp:IDPList" minOccurs="0"/>
<element ref="samlp:RequesterID" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
<attribute name="ProxyCount" type="nonNegativeInteger"
use="optional"/>
</complexType>
<element name="RequesterID" type="anyURI"/>
<element name="IDPList" type="samlp:IDPListType"/>
<complexType name="IDPListType">
<sequence>
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
<element ref="samlp:GetComplete" minOccurs="0"/>
</sequence>
</complexType>
<element name="IDPEntry" type="samlp:IDPEntryType"/>
<complexType name="IDPEntryType">
<attribute name="ProviderID" type="anyURI" use="required"/>
<attribute name="Name" type="string" use="optional"/>
<attribute name="Loc" type="anyURI" use="optional"/>
</complexType>
<element name="GetComplete" type="anyURI"/>
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
<complexType name="ArtifactResolveType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="samlp:Artifact"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Artifact" type="string"/>
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
<complexType name="ArtifactResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<sequence>
<any namespace="##any" processContents="lax"
minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="ManageNameIDRequest"
type="samlp:ManageNameIDRequestType"/>
<complexType name="ManageNameIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<choice>
<element ref="samlp:NewID"/>
<element ref="samlp:NewEncryptedID"/>
<element ref="samlp:Terminate"/>
</choice>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NewID" type="string"/>
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
<element name="Terminate" type="samlp:TerminateType"/>
<complexType name="TerminateType"/>
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
<complexType name="LogoutRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:SessionIndex" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
<attribute name="Reason" type="string" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime"
use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SessionIndex" type="string"/>
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
<element name="NameIDMappingRequest"
type="samlp:NameIDMappingRequestType"/>
<complexType name="NameIDMappingRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:NameIDPolicy"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NameIDMappingResponse"
type="samlp:NameIDMappingResponseType"/>
<complexType name="NameIDMappingResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
</extension>
</complexContent>
</complexType>
</schema>
*access_control-xacml-2.0-policy-schema-os.xsd*
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xs="http://www.w3.org/2001/XMLSchema";
targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<!-- -->
<xs:element name="PolicySet" type="xacml:PolicySetType"/>
<xs:complexType name="PolicySetType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
<xs:element ref="xacml:Target"/>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="xacml:PolicySet"/>
<xs:element ref="xacml:Policy"/>
<xs:element ref="xacml:PolicySetIdReference"/>
<xs:element ref="xacml:PolicyIdReference"/>
<xs:element ref="xacml:CombinerParameters"/>
<xs:element ref="xacml:PolicyCombinerParameters"/>
<xs:element ref="xacml:PolicySetCombinerParameters"/>
</xs:choice>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
<xs:attribute name="Version" type="xacml:VersionType"
default="1.0"/>
<xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI"
use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="CombinerParameters"
type="xacml:CombinerParametersType"/>
<xs:complexType name="CombinerParametersType">
<xs:sequence>
<xs:element ref="xacml:CombinerParameter" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="CombinerParameter"
type="xacml:CombinerParameterType"/>
<xs:complexType name="CombinerParameterType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
</xs:sequence>
<xs:attribute name="ParameterName" type="xs:string" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="RuleCombinerParameters"
type="xacml:RuleCombinerParametersType"/>
<xs:complexType name="RuleCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="RuleIdRef" type="xs:string"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicyCombinerParameters"
type="xacml:PolicyCombinerParametersType"/>
<xs:complexType name="PolicyCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="PolicyIdRef" type="xs:anyURI"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicySetCombinerParameters"
type="xacml:PolicySetCombinerParametersType"/>
<xs:complexType name="PolicySetCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="PolicySetIdRef" type="xs:anyURI"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicySetIdReference" type="xacml:IdReferenceType"/>
<xs:element name="PolicyIdReference" type="xacml:IdReferenceType"/>
<!-- -->
<xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>
<xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>
<xs:complexType name="DefaultsType">
<xs:sequence>
<xs:choice>
<xs:element ref="xacml:XPathVersion"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="XPathVersion" type="xs:anyURI"/>
<!-- -->
<xs:complexType name="IdReferenceType">
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute name="Version"
type="xacml:VersionMatchType" use="optional"/>
<xs:attribute name="EarliestVersion"
type="xacml:VersionMatchType" use="optional"/>
<xs:attribute name="LatestVersion"
type="xacml:VersionMatchType" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- -->
<xs:simpleType name="VersionType">
<xs:restriction base="xs:string">
<xs:pattern value="(\d+\.)*\d+"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:simpleType name="VersionMatchType">
<xs:restriction base="xs:string">
<xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:element name="Policy" type="xacml:PolicyType"/>
<xs:complexType name="PolicyType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>
<xs:element ref="xacml:CombinerParameters" minOccurs="0"/>
<xs:element ref="xacml:Target"/>
<xs:choice maxOccurs="unbounded">
<xs:element ref="xacml:CombinerParameters" minOccurs="0"/>
<xs:element ref="xacml:RuleCombinerParameters"
minOccurs="0"/>
<xs:element ref="xacml:VariableDefinition"/>
<xs:element ref="xacml:Rule"/>
</xs:choice>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
<xs:attribute name="Version" type="xacml:VersionType"
default="1.0"/>
<xs:attribute name="RuleCombiningAlgId" type="xs:anyURI"
use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="Description" type="xs:string"/>
<!-- -->
<xs:element name="Rule" type="xacml:RuleType"/>
<xs:complexType name="RuleType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:Target" minOccurs="0"/>
<xs:element ref="xacml:Condition" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RuleId" type="xs:string" use="required"/>
<xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
</xs:complexType>
<!-- -->
<xs:simpleType name="EffectType">
<xs:restriction base="xs:string">
<xs:enumeration value="Permit"/>
<xs:enumeration value="Deny"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:element name="Target" type="xacml:TargetType"/>
<xs:complexType name="TargetType">
<xs:sequence>
<xs:element ref="xacml:Subjects" minOccurs="0"/>
<xs:element ref="xacml:Resources" minOccurs="0"/>
<xs:element ref="xacml:Actions" minOccurs="0"/>
<xs:element ref="xacml:Environments" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Subjects" type="xacml:SubjectsType"/>
<xs:complexType name="SubjectsType">
<xs:sequence>
<xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Subject" type="xacml:SubjectType"/>
<xs:complexType name="SubjectType">
<xs:sequence>
<xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Resources" type="xacml:ResourcesType"/>
<xs:complexType name="ResourcesType">
<xs:sequence>
<xs:element ref="xacml:Resource" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Resource" type="xacml:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Actions" type="xacml:ActionsType"/>
<xs:complexType name="ActionsType">
<xs:sequence>
<xs:element ref="xacml:Action" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Action" type="xacml:ActionType"/>
<xs:complexType name="ActionType">
<xs:sequence>
<xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Environments" type="xacml:EnvironmentsType"/>
<xs:complexType name="EnvironmentsType">
<xs:sequence>
<xs:element ref="xacml:Environment" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Environment" type="xacml:EnvironmentType"/>
<xs:complexType name="EnvironmentType">
<xs:sequence>
<xs:element ref="xacml:EnvironmentMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
<xs:complexType name="SubjectMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:SubjectAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
<xs:complexType name="ResourceMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:ResourceAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
<xs:complexType name="ActionMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:ActionAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>
<xs:complexType name="EnvironmentMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:EnvironmentAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="VariableDefinition"
type="xacml:VariableDefinitionType"/>
<xs:complexType name="VariableDefinitionType">
<xs:sequence>
<xs:element ref="xacml:Expression"/>
</xs:sequence>
<xs:attribute name="VariableId" type="xs:string" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="Expression" type="xacml:ExpressionType"
abstract="true"/>
<xs:complexType name="ExpressionType" abstract="true"/>
<!-- -->
<xs:element name="VariableReference"
type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="VariableReferenceType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="VariableId" type="xs:string"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="AttributeSelector"
type="xacml:AttributeSelectorType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="AttributeSelectorType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="RequestContextPath" type="xs:string"
use="required"/>
<xs:attribute name="DataType" type="xs:anyURI"
use="required"/>
<xs:attribute name="MustBePresent" type="xs:boolean"
use="optional" default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="ResourceAttributeDesignator"
type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<xs:element name="ActionAttributeDesignator"
type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<xs:element name="EnvironmentAttributeDesignator"
type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<!-- -->
<xs:complexType name="AttributeDesignatorType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="AttributeId" type="xs:anyURI"
use="required"/>
<xs:attribute name="DataType" type="xs:anyURI"
use="required"/>
<xs:attribute name="Issuer" type="xs:string"
use="optional"/>
<xs:attribute name="MustBePresent" type="xs:boolean"
use="optional" default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="SubjectAttributeDesignator"
type="xacml:SubjectAttributeDesignatorType"
substitutionGroup="xacml:Expression"/>
<xs:complexType name="SubjectAttributeDesignatorType">
<xs:complexContent>
<xs:extension base="xacml:AttributeDesignatorType">
<xs:attribute name="SubjectCategory" type="xs:anyURI"
use="optional"
default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="AttributeValue" type="xacml:AttributeValueType"
substitutionGroup="xacml:Expression"/>
<xs:complexType name="AttributeValueType" mixed="true">
<xs:complexContent mixed="true">
<xs:extension base="xacml:ExpressionType">
<xs:sequence>
<xs:any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="DataType" type="xs:anyURI"
use="required"/>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Function" type="xacml:FunctionType"
substitutionGroup="xacml:Expression"/>
<xs:complexType name="FunctionType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="FunctionId" type="xs:anyURI"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Condition" type="xacml:ConditionType"/>
<xs:complexType name="ConditionType">
<xs:sequence>
<xs:element ref="xacml:Expression"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Apply" type="xacml:ApplyType"
substitutionGroup="xacml:Expression"/>
<xs:complexType name="ApplyType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:sequence>
<xs:element ref="xacml:Expression" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="FunctionId" type="xs:anyURI"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Obligations" type="xacml:ObligationsType"/>
<xs:complexType name="ObligationsType">
<xs:sequence>
<xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Obligation" type="xacml:ObligationType"/>
<xs:complexType name="ObligationType">
<xs:sequence>
<xs:element ref="xacml:AttributeAssignment" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
<xs:attribute name="FulfillOn" type="xacml:EffectType"
use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="AttributeAssignment"
type="xacml:AttributeAssignmentType"/>
<xs:complexType name="AttributeAssignmentType" mixed="true">
<xs:complexContent mixed="true">
<xs:extension base="xacml:AttributeValueType">
<xs:attribute name="AttributeId" type="xs:anyURI"
use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
</xs:schema>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
