OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-comment] FW: XACML: Access Control for Web Services

I do not have ready examples, but perhaps our members can supply some.

In both cases, you would want to reference the subjects indicated in the
certificate or assertion. In the case of X.509, you want to use the X.500
Distinguished name identifier:

urn:oasis:names:tc:xacml:1.0:data-type:x500Name

In the case of SAML, although it is possible to map from a SAML subject to a
XACML subject, this is not as straightforward as we would like. The XACML TC
has made a proposal to the SAML TC to improve this situation in SAML 2.0, by
more closely aligning the formats.

Hal

> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: Tuesday, October 07, 2003 9:47 AM
> To: xacml-comment@lists.oasis-open.org
> Subject: [xacml-comment] FW: XACML: Access Control for Web Services
>
>
>
>
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Sunday, October 05, 2003 2:59 PM
> To: hlockhar@bea.com
> Subject: XACML: Access Control for Web Services
>
>
> Hal,
>
> My name is Joe Chiusano of Booz Allen Hamilton; I am a member of several
> OASIS TCs. I just sent a request to the XACML comment list using the
> "Send a Comment" button, but I would also like to forward it to you
> because on the OASIS/ebXML Registry TC we discovered that that mechanism
> is not currently working.
>
> My request is as follows - the document I reference is a Web Services
> Standards Analysis that I am writing for the U.S. Department of Defense,
> in which I will include a section on XACML:
>
> "I have a need to list an example of XACML used with Web Services,
> particulary for access control (the most recent XACML Profile for Web
> Services does not have one for access control). Can someone please offer
> an example if they have one of:
>
> (1) XACML used in conjunction with an X.509 cert, or
> (2) XACML used in conjunction with a SAML assertion
>
> preferably with the X.509 or SAML assertion specified in a WS-Security
> header."
>
> Thanks so much.
>
> Thanks so much.
>
> Kind Regards
> Joe Chiusano
> Booz | Allen | Hamilton

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]