Re: wrt Eve's UMA presentation, and comment, link to OpenAz

[rich levinson <rich.levinson@oracle.com>]

Forwarding Eve's comment.
  Rich

On 10/21/2012 11:06 AM, Eve Maler wrote:
> Hi Rich-- (You'll have to forward this note to the XACML TC if you want them to see it, as I'm not subscribed...)
>
> Thanks for this link! Yes, this was the bridging scenario we discussed on the call: If the UMA authorization manager is using an UMA token profile that provides something less than authorization decisions or permissions, then UMA host app could be in a position to turn around and connect to an XACML PDP to interpret the authorization data it does have.
>
> 	Eve
>
> On 18 Oct 2012, at 2:55 PM, rich levinson<rich.levinson@oracle.com>  wrote:
>
> > Hi Eve,
> >
> > Following is link to OpenAz OAuthSimulator demo javadoc, that I mentioned in comment
> > to your presentation slide 5 on integration of XACML and UMA.
> > http://openaz.svn.sourceforge.net/viewvc/openaz/test/doc/test/OAuthSimulator.html
> >
> > Basically, the demo is a simulation of the main OAuth actors
> > exchanging OAuth messages in order for user to allow client
> > access to file on a resource server.
> >
> > All the authorizations are done by SunXacml PDP. If you get into the details,
> > there are also traces of the actual xacml policy evaluation that takes place
> > at each step along the way.
> >
> > As I indicated in comment, and I think you agreed, UMA AM would basically
> > be a policy administration point that would attach to the pdp by uploading
> > xacml representations of UMA AM policies. Then the PDP would operate
> > independently in the runtime environment, unless UMA decided to come in
> > w some policy updates.
> >
> > Please let me know any comments or questions.
> >
> >     Thanks,
> >     Rich
>
> Eve Maler                                  http://www.xmlgrrl.com/blog
> +1 425 345 6756                         http://www.twitter.com/xmlgrrl