[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] attribute retrieval protocol
Thanks. It seems I really need to take a look SAML :) Argyn > Argyn, > > I may not be fully understanding your use case, but the SAML Profile of > XACML > describes how to use SAML Attribute Queries to get attributes, and > describes > how to map the responses into XACML Attributes. The SAML schema for > these > queries and responses can be used by an XACML Context Handler to request > attributes from some other entity in the network (the application, an > Attribute Authority, etc.). > > Anne Anderson > >> This is related to remore PDP problem. If there's not enough attributes >> in >> the reques, how does PDP finds them? >> >> There's no XML schema to request an attribute. According to spec context >> handler find attributes. How is this going to work in the netwrok? >> >> I thought if there wer XML schema to request attribute, then this could >> work better in Web environment. A client sends XACML Request to PDP >> server. Currently, it expects to get XACML Response with a decision. >> What if we change Response contract, making it return a request for >> additional information. there'll be XACML scehma for a responce with >> such >> a request. >> >> 1. Request goes to PDP >> 2. Response from PDP contains a request for additional information. It >> also has a sessionId. >> 3. new Request with additional info goes to PDP, it contains sessionId >> from prev step, so PDP knows that this is for an existing request. >> 4. Response from PDP contains a decision. >> >> Basically, this is alomost the same how it works now, the difference is >> that request to ContextHandler for other attributes has its own XML >> schema. >> >> thanks, >> Argyn > > -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]