[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Comment
Comment from: rfought@psislidell.com Name:Rich Fought Title:Senior Security Software Engineer Organization:Planning Systems Incorporated Regarding Specification: SAML 2.0 profile of XACML v2.0 The profile defines a new element XACMLAuthzDecisionResponse that is intended to be substituted for the standard SAML AuthzDecisionRequest element. However, there is no extension to the saml:Response or saml:Assertion elements that would allow this new XACMLAuthzDecisionResponse to be legitimately inserted inside a SAML response (legitimate meaning passing XML validation). This also has the effect of there is no standardized way of specifying such an entity in interfaces such as WSDLs. Was this by design? It seems there should be new or extended versions of saml:Response and saml:Assertion to fully realize standardized embedding of XACMLAuthzDecisionResponse elements in SAML. I propose including these in the XACML-SAML assertion schema.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]