The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
Where is the XSD for the SAML 2.0 Action Namespace Identifiers?
Hello, in the Assertions and Protocols for SAML 2.0 guide[1], in Section 8.1, there is a listing of the Action Namespace Identifiers (urn:oasis:names:tc:SAML:1.0:action:rwedc, urn:oasis:names:tc:SAML:1.0:action:ghpp, etc.) and the accepted values for each--read, write, post, etc.
Question: Are these identifiers (and their accepted values) defined in an XML Schema someplace, or are they just defined in this document? If they are in a Schema, can anyone give me the URL to obtain them? I can't seem to find them here[2], but it could be I'm just looking in the wrong place.
I would like to create a customized Action Namespace with my own defined actions, and if I can see the XSD for the already standard ones, I would know how to create an XSD for my own Action and how to declare the acceptable values for it.
Thanks,
Glen
[1] http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
[2] http://docs.oasis-open.org/security/saml/v2.0/
Where is the XSD for the SAML 2.0 Action Namespace Identifiers?
There is no XSD because they aren't XML namespaces. The word namespace is just used to refer to the "space" of operations covered by the action "namespace".
The identifier itself is just a unique tag for the set of operations it's referring to. There's no XML involved, and no schema.
Thanks for the response
Thanks for the response, Scott. This does seem suboptimal though. From what I can see, saml:Attributes can be tied to an XSD simpleType restricted by enumerations, so an attribute value can be validated to be one of a predefined set of values. It would have been nice if saml:Actions had that same capability--to be able to define and validate its values using an XSD.
IIRC, Action is from the
IIRC, Action is from the authorization piece of SAML, which is effectively deprecated in favor of XACML anyway. It wasn't even looked at for 2.0, other than to decide whether to just drop it.
Furthermore, nobody validates XML. I was one of the few holdouts and I got the message. If you want to enforce these sorts of things, you do it in code, not with a schema. Schemas are too brittle to handle the extensibility models of SAML and web services.
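The in-code enforcement suggested in the last reply, as an added example that is not part of the original thread: each saml:Action is checked against an allow-list keyed by its Namespace identifier, and anything unknown is rejected. The function name `check_actions`, the `urn:example:action:documents` namespace with its values, and the sample statement are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Allowed values per action namespace identifier. The first two sets are the
# ones listed in SAML 2.0 core section 8.1; the third is a hypothetical custom
# namespace of the kind the question describes.
ALLOWED_ACTIONS = {
    "urn:oasis:names:tc:SAML:1.0:action:rwedc":
        {"Read", "Write", "Execute", "Delete", "Control"},
    "urn:oasis:names:tc:SAML:1.0:action:ghpp":
        {"GET", "HEAD", "PUT", "POST"},
    "urn:example:action:documents":  # hypothetical
        {"Approve", "Archive"},
}

# Constructed sample input (not taken from a real deployment).
SAMPLE = """<saml:AuthzDecisionStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Resource="https://sp.example.org/reports" Decision="Permit">
  <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">DELETE</saml:Action>
  <saml:Action Namespace="urn:example:action:unlisted">Read</saml:Action>
  <saml:Action Namespace="urn:example:action:documents">Approve</saml:Action>
  <saml:Action>Write</saml:Action>
</saml:AuthzDecisionStatement>"""

def check_actions(xml_text):
    """Return (accepted, rejected); rejected entries carry a reason string."""
    accepted, rejected = [], []
    # Assumes the enclosing assertion's signature was verified before this runs.
    root = ET.fromstring(xml_text)
    for el in root.iter(f"{{{SAML_NS}}}Action"):
        ns = el.get("Namespace")
        value = (el.text or "").strip()  # tolerate pretty-printing whitespace
        if ns is None:
            rejected.append((ns, value, "missing Namespace attribute"))
        elif ns not in ALLOWED_ACTIONS:
            rejected.append((ns, value, "unknown action namespace"))
        elif value not in ALLOWED_ACTIONS[ns]:  # exact, case-sensitive match
            rejected.append((ns, value, "value not defined for namespace"))
        else:
            accepted.append((ns, value))
    return accepted, rejected

def actions_valid(xml_text):
    """Fail closed: at least one action, and none rejected."""
    accepted, rejected = check_actions(xml_text)
    return bool(accepted) and not rejected
```
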