Subject: Re: [security-services] OpenID SimplePermissions and SAML constrained delegation
On Mon, Jun 30, 2008 at 11:39 AM, Eve Maler <Eve.Maler@sun.com> wrote:
>
> And the grid community does this with web services use cases (a simpler form
> of what ID-WSF is doing with its WS-Sec profiles?):
>
> http://www.cs.virginia.edu/papers/SAML_delegation.pdf

Despite what is claimed in this paper, X.509 proxy delegation is nearly universal within the grid community. Certainly this is the case in the US, and I claim it is generally true in production grids worldwide.

In proxy delegation, Eve would issue a proxy certificate containing her name but with Brian's key, which of course Brian would use to impersonate Eve in the grid. However, this is a totally different use case than OpenID "SimplePermissions" or Scott's early notion of constrained delegation.

> Is there any interest in tackling the user/browser side of all this for SAML
> in an OpenID SimplePermissions-like fashion? Is there value in
> standardizing a modular "assertion profile" (for use with various
> scenario-based profiles) for holding the delegation info?

Yes, I'm interested in this since it provides a bridge from the SAML world into the grid. In particular, if it can be done without query or ID-WSF, I'm even more interested.

Tom