Subject: Abstract XACML TC SAML AuthzDecisionQuery/Resp requirements
How do these sound as abstract requirements to present to SAML for SAML 2.0?

1. Way to pass an XACML Request Context in the Query and an XACML Response Context in the Decision.

2. Way to indicate in the Query that an XACML Request Context is to be returned as part of the Decision.

3. Way to indicate in the Query whether the PDP is free to collect Attributes for use in making the Decision from sources other than the XACML Request Context passed in the Query.

4. Associate a DataType with an Issuer name, such that the name can be determined to be a string, an X.500 Distinguished Name, etc.

Newer requirements:

5. Way to return an XACML Policy/PolicySet in a Decision as a condition that must evaluate to "Permit" in order for the Decision to be valid. Way to indicate that such a condition is associated with the Decision. Might be appropriate to put this condition and indication into the XACML Response Context itself.

6. Way to pass an XACML Policy/PolicySet in a Query along with an indication as to whether this Policy/PolicySet is to be used alone or in conjunction with other Policies/PolicySets available to the PDP in evaluating the Query.

7. Better correspondence between SAML Attribute format and XACML Request Context Attribute format such that SAML Attributes can be translated into XACML Request Context Attributes mechanically and easily.

8. SAML Policy Assertion syntax, allowing an issuer to state and sign an XACML Policy/PolicySet.

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692