[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] XACML Obligations and SAML Conditions (?)
In my mind, the issuer of an assertion vouches for the validity of the statement, and that the conditions clause should only apply to the validity of the statement as a whole. In the case of an xacml response, the obligations seems part of that response, and together constitute the statement. It is this complete statement that will be used by the pep after the validation of the assertion. To pull the obligations out and carry them in the saml's conditions doesn't seem to fit that model well. -Frank. Polar Humenn wrote: > On Wed, 10 Sep 2003, Frank Siebenlist wrote: > > >>My feel is that the saml condition is on the assertion level, while the xacml >>obligation is on the decision response level. >> >>Does it make sense to have the decision response including the obligations live >>outside of the assertion? >>If the answer is yes, then that may have answered the question... > > > I'm not quite sure what you mean. > > An obligation is part of the decision response. If we use the SAML > Response to wrap this XACML response, By virtue of being a SAML Response, > does that mean the XACML Response must be an Assertion? So, do you mean by > turning the response into a SAML Assertion that we should strip the > obligations out and put them some where else? > > -Polar > > >>-Frank. >> >> > > -- Frank Siebenlist franks@mcs.anl.gov The Globus Project - Argonne National Laboratory
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]