Subject: Re: wrt Eve's UMA presentation, and comment, link to OpenAz
Forwarding Eve's comment.

Rich

On 10/21/2012 11:06 AM, Eve Maler wrote:

> Hi Rich--
>
> (You'll have to forward this note to the XACML TC if you want them to see it, as I'm not subscribed...)
>
> Thanks for this link! Yes, this was the bridging scenario we discussed on the call: If the UMA authorization manager is using an UMA token profile that provides something less than authorization decisions or permissions, then UMA host app could be in a position to turn around and connect to an XACML PDP to interpret the authorization data it does have.
>
> Eve
>
> On 18 Oct 2012, at 2:55 PM, rich levinson <rich.levinson@oracle.com> wrote:
>
>> Hi Eve,
>>
>> Following is link to OpenAz OAuthSimulator demo javadoc, that I mentioned in comment to your presentation slide 5 on integration of XACML and UMA.
>>
>> http://openaz.svn.sourceforge.net/viewvc/openaz/test/doc/test/OAuthSimulator.html
>>
>> Basically, the demo is a simulation of the main OAuth actors exchanging OAuth messages in order for user to allow client access to file on a resource server. All the authorizations are done by SunXacml PDP. If you get into the details, there are also traces of the actual xacml policy evaluation that takes place at each step along the way.
>>
>> As I indicated in comment, and I think you agreed, UMA AM would basically be a policy administration point that would attach to the pdp by uploading xacml representations of UMA AM policies. Then the PDP would operate independently in the runtime environment, unless UMA decided to come in w some policy updates.
>>
>> Please let me know any comments or questions.
>>
>> Thanks,
>> Rich
>
> Eve Maler
> http://www.xmlgrrl.com/blog
> +1 425 345 6756
> http://www.twitter.com/xmlgrrl