Hello fellow TC members,
What follows below is a list of questions for consideration in writing text on how XACML can be used to govern trust elevation use cases. In the original note to the Trust-El TC at the bottom, there is a link to the latest version of the document.
In addition to answering the questions, I think it would be good if we could put together some sample policies that address the use cases in the Trust-El working draft.
Thanks,
John
---------------
For those of you reviewing the Trust Elevation draft, here are some questions that might help generate comments. The questions assume that you have a reference protocol that you are comparing Trust Elevation to.
- Section 4.2 diagram - what would this diagram look like when represented in the protocol that you are comparing to?
- Does your protocol have the ability to retry authentication if the current authentication level is not sufficient?
- 1: does the protocol need to be extended in order to be able to express it at all?
- 2: do normal implementations have an ‘orchestration’ facility that can go back for more information, attributes or authentication events?
- Can you write an example policy for the use cases that handle the Step Up or Missing Attributes situations?
- How does your protocol handle composite subjects (meaning Person, Device and Software Client)?
---------- Forwarded message ----------
From: Andrew Hughes
Date: Thu, Aug 6, 2015 at 8:06 AM
Subject: [trust-el] Groups - trust-el-protocol-v1.0-wd04a-master.docx uploaded
To: trust-el@lists.oasis-open.org
Submitter's message
TE Draft v04a posted for discussion on 2015-08-06 TC call.
-- Andrew Hughes