[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Abstract: XACML Profile of SAML V2.0 Attributes
SAML Attribute Assertions may be used as input to authorization decisions made according to the OASIS eXtensible Access Control Markup Language (XACML) standard specification. Since the SAML Attribute format differs from the XACML Attribute format, there is a mapping that must be performed. The OASIS XACML TC has defined a Profile for doing this mapping [XACML-Profile], but that Profile imposes constrints on the meta-data provided with the SAML Attribute. This Profile describes those meta-data constraints. SAML Attribute Assertions generated in conformance with this Profile can be mapped automatically to XACML Attributes and used as input to XACML authorization decisions. The audience for this Profile is developers and deployers of systems that will produce SAML Attributes, where those Attributes may be used (among other things) as input to XACML authorization decisions. The Profile itself is attached to http://lists.oasis-open.org/archives/security-services/200406/msg00006.html This Profile is being submitted to the SSTC in response to an Action Item on this subject for Hal Lockhart (who will have to supply the appropriate reference). This submission was approved by the XACML TC on 27 May 2004 with one dissenting vote (from Mike McIntosh, IBM). The intent is that the SSTC either adopt this Profile, or incorporate the contents of this Profile into a more general SSTC Attribute profile collection. The XACML TC would like to thank the SSTC for the fruitful discussions that have resulted in the ability to specify such a profile. The resulting interoperability between SAML and XACML is to the benefit of both standards. Anne Anderson -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]