saml-dev message

Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01

CrossLogix is interested in pursuing the authz extensions and I'll work with Prateek on the documentation.

As for participation, I've heard (through the grapevine) interest in this from IBM and Entegrity but do not have firm commitments.


-----Original Message-----
From: Bhavna Bhatnagar [mailto:bhavna.bhatnagar@sun.com]
Sent: Monday, May 13, 2002 9:26 AM
To: afetterer@crosslogix.com; bhavna.bhatnagar@sun.com;
saml-dev@lists.oasis-open.org; pmishra@netegrity.com
Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01

Not sure. Andrew, do you want to follow through with this? As I indicated
earlier, Sun would probably be able to support this proposed scenario, but it
all depends on how many other vendors would like to participate in
this extension.



>From: "Mishra, Prateek" <pmishra@netegrity.com>
>To: "'Andy Fetterer'" <afetterer@crosslogix.com>, "'Bhavna Bhatnagar'"
<bhavna.bhatnagar@Sun.COM>, saml-dev@lists.oasis-open.org
>Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01
>Date: Fri, 10 May 2002 17:58:44 -0400
>MIME-Version: 1.0
>Is there closure on the proposed scenario? I am not sure
>I follow exactly what is being proposed here. A re-spin would
>be helpful, I could then add it to the official demo. doc.
>- prateek
>-----Original Message-----
>From: Andy Fetterer [mailto:afetterer@crosslogix.com]
>Sent: Thursday, May 09, 2002 12:56 PM
>To: 'Bhavna Bhatnagar'; saml-dev@lists.oasis-open.org; Andy Fetterer
>Subject: RE: [saml-dev] InterOp Scenario Extensions draft-01
>Bhavna / Scott -
>Thanks for reviewing the document and making suggestions.
>In terms of how the attribute assertion is passed to the authorization
>authority, would the third proposal make the most sense?  I don't think that
>the expiration range would have to be unreasonably long. 
>I intended for the attribute to be required as part of the authorization
>query (e.g. the receiver must be able to process it), but its use in
>determining the response to the query was not required.  My concern was that
>not all authorization authorities would be able to support external
>attributes but I agree that the requirement I wrote can be strengthened.
>That being said, should we require that the attribute be used in evaluation
>or not pass the attribute as part of the query?  I would prefer to use the
>attribute since it presents a stronger demonstration of interoperability
>between systems but would like to hear from the sub-group working on the
>authorization queries.
>-----Original Message-----
>From: Bhavna Bhatnagar [mailto:bhavna.bhatnagar@sun.com]
>Sent: Thursday, May 09, 2002 8:49 AM
>To: saml-dev@lists.oasis-open.org; afetterer@crosslogix.com
>Subject: Re: [saml-dev]
>Thanks for writing this up. I have a few comments/suggestions embedded. Not
>sure if all can access the doc, since I edited it in staroffice. Here is
>the text I have embedded:
>As part of the original specification by prateek what comes as the SSO
>during SSO has an authentication statement and the attribute statement
>the MembershipLevel attribute. Since there is no separate attribute
>coming down as part of the SSO, one would have to either:
>1. Make an attribute query to the AA, and on receiving the attribute
>use that as Evidence when making the proposed Authz query. (this does not
>make sense since the receiver of the SSO assertion already has the attribute)
>2. Create an attribute assertion from the attribute statement received as
>part of the SSO Assertion and use that as Evidence. (don't think this is SOAP
>though, someone please confirm)
>3. Use the same SSO Assertion as received during the SSO, which also holds
>the attribute statement as the Evidence, but then this may have expired. We
>keep the expiration range to be long enough so that the assertion is alive
>the whole round trip demo.
>If it's up to vendor to use/not use the attribute assertion, what's the point
>making it?
>We need to refine this part to choose one of the 3 options or any other
>alternatives. I think option 3 is more viable.
>Thoughts?
>>Date: Wed, 08 May 2002 12:43:56 -0700
>>From: Andy Fetterer <afetterer@crosslogix.com>
>>Subject: [saml-dev]
>>To: saml-dev@lists.oasis-open.org
>Bhavna Bhatnagar                                Sun Microsystems Inc.
>Identity Management group        __o
>Tel: 408-276-3591              _`\<,_  
>                              (*)/ (*)
> ________________________________________________________________________

Bhavna Bhatnagar                                Sun Microsystems Inc.           
Identity Management group        __o
Tel: 408-276-3591              _`\<,_  
                              (*)/ (*)
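
Option 3 in the quoted discussion reuses the SSO assertion as Evidence and notes that it may have expired by then. The following is an added example (not from the thread or from any vendor's implementation) of a check a relying party could run before attaching that assertion to the authorization query; the sample assertion, issuer, attribute namespace, function name and the 30-second clock skew are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace

# Constructed SSO assertion: issuer, IDs, times and the "Gold" value are made up.
SSO_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="constructed-id-1"
    Issuer="idp.example" IssueInstant="2002-05-13T16:00:00Z">
  <saml:Conditions NotBefore="2002-05-13T16:00:00Z"
                   NotOnOrAfter="2002-05-13T16:05:00Z"/>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>user@example</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="MembershipLevel"
                    AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>Gold</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse a UTC xsd:dateTime without fractional seconds."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evidence_status(assertion_xml, now, round_trip=timedelta(0),
                    skew=timedelta(seconds=30)):
    """Classify an SSO assertion offered as Evidence (signature checks not shown)."""
    root = ET.fromstring(assertion_xml)
    names = {a.get("AttributeName") for a in root.iter(f"{{{NS}}}Attribute")}
    if "MembershipLevel" not in names:
        return "no-attribute"          # nothing for the authz decision to use
    cond = root.find(f"{{{NS}}}Conditions")
    if cond is None or cond.get("NotOnOrAfter") is None:
        return "no-validity-window"    # assumed local policy: refuse unbounded evidence
    if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
        return "not-yet-valid"
    expires = _ts(cond.get("NotOnOrAfter"))
    if now - skew >= expires:
        return "expired"
    if now + round_trip - skew >= expires:
        return "expires-mid-flight"    # valid now, stale before the reply arrives
    return "ok"
```

Passing the expected duration of the demo round trip as `round_trip` shows whether the issuer's validity window is long enough for option 3, without resorting to an unbounded lifetime.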
