[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] XACML Obligations and SAML Conditions (?)
On Wed, 10 Sep 2003, Frank Siebenlist wrote: > In my mind, the issuer of an assertion vouches for the validity of the > statement, and that the conditions clause should only apply to the validity of > the statement as a whole. > > In the case of an xacml response, the obligations seems part of that response, > and together constitute the statement. It is this complete statement that will > be used by the pep after the validation of the assertion. > > To pull the obligations out and carry them in the saml's conditions doesn't seem > to fit that model well. Ah, I got your point. I agree with you. The response carrying within an XACML response should be the captured as whole statement. Were we really considering pulling obligations out into the Conditions? Cheers, -Polar > > -Frank. > > > Polar Humenn wrote: > > > On Wed, 10 Sep 2003, Frank Siebenlist wrote: > > > > > >>My feel is that the saml condition is on the assertion level, while the xacml > >>obligation is on the decision response level. > >> > >>Does it make sense to have the decision response including the obligations live > >>outside of the assertion? > >>If the answer is yes, then that may have answered the question... > > > > > > I'm not quite sure what you mean. > > > > An obligation is part of the decision response. If we use the SAML > > Response to wrap this XACML response, By virtue of being a SAML Response, > > does that mean the XACML Response must be an Assertion? So, do you mean by > > turning the response into a SAML Assertion that we should strip the > > obligations out and put them some where else? > > > > -Polar > > > > > >>-Frank. > >> > >> > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]