[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Storing policies in a policy Repository
Hi Massimiliano, Please refer to the XACML 2.0 errata: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#XACML20errata which refers to an updated version of the SAML/XACML specification: http://www.oasis-open.org/committees/download.php/24681/xacml-profile-saml2.0-v2-spec-wd-5-en.pdf I am not sure if this will answer your question, but the XACMLPolicyStatement was significantly revised in section 5.0, and this should also be reflected in the XACML 3,0 specifications when they are released. Thanks, Rich massimiliano.masi@gmail.com wrote: > Hello, > > I was reading the SAML 2.0 profile of XACML v2.0. In section 4.2 is written: > > The <XACMLPolicyStatement> may also be used in a SAML Assertion as a > format for storing the <XACMLPolicyStatement> in a repository. > > How was wondering how the XACMLPolicyStatement can be used > for storing a policy or a policy set in a policy repository. > > I understand that the XACMLPolicyStatement extends a SAML Statement, > but in this case, how to place the SAML Assertion in the SOAP Message? > > If the SAML Assertion is placed using WS-Security, what to write in > the SOAP Body? > A WS-Trust RST is acceptable in my opinion, but it can lead to potential > different implementation, breaking the interoperability. And more, the > SAML assertion > in the header does not authenticate the message, potentially breaking > WS-Security. > > But since the namespace is > > <xacml-samlp:XACMLPolicyStatement > xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"> > > it can be also acceptable to write it in the body, in my opinion. > > What is your suggestion? > > Thanks in advance, > > Massimiliano > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]