xacml message

Subject: FW: [security-services] Proposed Agenda for SAML 2.0 F2F. Forwarded message from Mishra, Prateek.
From: Anne Anderson <Anne.Anderson@Sun.com>
To: XACML TC <xacml@lists.oasis-open.org>, Rebekah Lepro <bekah@nas.nasa.gov>, Von Welch <welch@mcs.anl.gov>, David Chadwick <d.w.chadwick@salford.ac.uk>, Samuel Meder <meder@mcs.anl.gov>
Date: Fri, 29 Aug 2003 10:02:36 -0400
SAML AuthzDecisionQuery/Resp people,

Any objections to this schedule?  We would have time on Tuesday
to do our side-session (time still unspecified, but RSA would
provide facilities), and then present our joint AuthzQuery
proposal to the SSTC on Wednesday from 9-10:30.

I am also including the latest version of the Abstract
Requirements list.  Note that these are candidate requirements -
being on the list does not mean we have agreed yet.  This list
does not include anything for step 1 of multi-step authorization,
because it seems that should be a separate type of
"AttributeQuery", not necessarily handled by a PDP.  I will put
it on the list for discussion if the OGSA people still think it
should be part of the AuthzQuery.

Anne

Title:   Abstract Requirements for SAML AuthorizationDecisionQuery/Response
Author:  Anne Anderson
Version: 1.2, 03/08/28 (yy/mm/dd)

1. Way to pass an XACML Request Context in the Query and an XACML
   Response Context in the Decision.  Should not extend
   SubjectQueryAbstractType and SubjectStatementAbstractType
   because Subject element is redundant and inconsistent.
2. Way to indicate in the Query that an (note might not match
   input Request) XACML Request Context is to be returned as part
   of the Decision.
3. Way to indicate in the Query whether the PDP is free to
   collect Attributes for use in making the Decision from sources
   other than the XACML Request Context passed in the Query.
4. Associate a DataType with an Issuer name, such that the name
   can be determined to be a string, an X.500 Distinguished Name,
   etc.
5. Way to return an XACML Policy/PolicySet in a Decision as a
   condition that must evaluate to "Permit" in order for the
   Decision to be valid.  Way to indicate that such a condition
   is associated with the Decision.  Might be appropriate to put
   this condition and indication into the XACML Response Context
   itself.
6. Way to pass an XACML Policy/PolicySet in a Query along with
   an indication that such a policy is being supplied and whether
   this Policy/PolicySet is to be used alone or in conjunction
   with other Policies/PolicySets available to the PDP in
   evaluating the Query.
7. Better correspondence between SAML Attribute format and XACML
   Request Context Attribute format such that SAML Attributes can
   be translated into XACML Request Context Attributes
   mechanically and easily.
8. SAML Policy Statement syntax, allowing an issuer to state and
   sign an XACML Policy/PolicySet.
9. SAML Policy Query syntax, allowing a PDP to request a Policy/PolicySet
   by its Policy[Set]Id from an on-line Policy Administration
   Point (are there any online PAPs?  If not, no need for this).

------- start of forwarded message -------
From: "Mishra, Prateek" <pmishra@netegrity.com>
To: "'Anne.Anderson@Sun.com'" <Anne.Anderson@sun.com>
Subject: FW: [security-services] Proposed Agenda for SAML 2.0 F2F
Date: Fri, 29 Aug 2003 09:43:36 -0400

Anne,
 
Here is the proposed agenda. Our thinking was that if XACML needed a
"side-session",
this could be accomplished on Tuesday. Rob has indicated that RSA would make
the
needed facilities available.
 
Does it work for you? 

-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Monday, August 18, 2003 6:36 PM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] Proposed Agenda for SAML 2.0 F2F


Monday, September 8:
 
10:00-10:30     Preliminaries, Roll-Call
10:30-12:00 -- ID-FF v1.1 Drilldown
  1:00-1:30  --  What is new in ID-FF V1.2?
  1:30-2:30  --  WSS SAML token profile
  2:30--2:45 --  Break
  2:45--4:30  -- Implementation experience and new use-cases
                       + Mike Beach, Boeing (20 mins)
                       + Fidelity (20 mins)
                       + Netegrity (20 mins)
                       + Open time (??)
  4:30--5:00 --- Capture any new work items (identify champions, next steps)

 
<*** Editors revise SAML 2.0 work item list based on inputs
       Current version: sstc-saml-scope-2.0-draft-0.2.doc  available from
document repository     
***>
 
Tuesday, September 9:
 
 9:00--10:15 --- Review of SAML 2.0 work item list
                        gap analysis with ID-FF v.1.1, v1.2
 10:30--12:00 -- Continued
 1:00 --3:15  --  Continued
  3:30--5:00 ---  End Goal: Enumerate documents and identify editors, 
                                        Identify champions for each work
item,
                                        Link each work item to a document,
                                        Identify next steps for each work
item
                                        
 
 
Wednesday, September 10:
 
 9:00-10:30  --- XACML AuthZQuery/Response Proposal to SSTC
 10:30-12:00 --- Finish up remaining business  
 
 
 
----------------------
Prateek Mishra
Netegrity
 
p: 781-530-6564
c: 781-308-5198
------- end of forwarded message -------

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692