OASIS Mailing List Archives

saml-dev message


Subject: [saml-dev] Using XACML with SAML

Considering the following scenario where SAML-pull model is used:

An employee (Emp) of a company (Source site) is interested in accessing
information on insurance provider's site (Dest site).

1) Emp is authenticated by Source site
2) Emp selects benefits link on Source site
3) Source site provides artifact to Emp and redirects to Dest site
4) Emp provides artifact and requests service on Dest site
5) Dest site requests SAML assertion from Source site
6) Source site provides SAML assertion
7) Dest site provides service to Emp

If XACML is to be applied to this scenario, is it Source site's
responsibility to find an appropriate policy, consider rules, decide and
provide the authorization decision to the Dest site (i.e. in between
steps 5 and 6)?

If the answer is yes, then why are PEP/PDP shown as enforcing XACML
policies and rules?  Because, based on SAML Domain Model Figure (saml
spec), I am assuming that PEP/PDP are part of Destination site.

I am sure specs are correct, but I am unable to understand the logic
when both SAML and XACML are to be applied to the above scenario.  I
really appreciate replies to this :)

Thanks a lot...
- Raju.
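
The artifact exchange in steps 3 to 6 of the message above, as an added Python sketch that is not part of the original post and is not SAML library code. The class names, the site identifiers, the dictionary standing in for an assertion and the 60-second lifetime are all assumptions made for illustration; it shows the artifact as a single-use, short-lived reference that only the intended Dest site can redeem.

```python
import secrets
import time

ARTIFACT_TTL = 60  # seconds; assumed lifetime, chosen for this sketch


class SourceSite:
    """Keeps assertions server-side and releases each one once (steps 3 and 6)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # artifact -> (assertion, intended destination, expiry)

    def issue_artifact(self, subject, dest_id):
        # Step 3: build the assertion, store it, hand the browser only a random reference.
        assertion = {"issuer": "source.example", "subject": subject,  # constructed values
                     "audience": dest_id, "authn": "password"}
        artifact = secrets.token_urlsafe(20)
        self._pending[artifact] = (assertion, dest_id, self._clock() + ARTIFACT_TTL)
        return artifact

    def resolve(self, artifact, requester_id):
        # Steps 5 and 6: back-channel request from the Dest site.
        # pop() makes the artifact single-use, even when a later check fails.
        entry = self._pending.pop(artifact, None)
        if entry is None:
            raise LookupError("unknown or already used artifact")
        assertion, dest_id, expiry = entry
        if requester_id != dest_id:
            raise PermissionError("artifact was issued for a different destination")
        if self._clock() > expiry:
            raise TimeoutError("artifact expired")
        return assertion


class DestSite:
    def __init__(self, site_id, source):
        self.site_id = site_id
        self._source = source

    def handle_request(self, artifact):
        # Step 4 arrives from the browser; step 5 goes to the Source site.
        assertion = self._source.resolve(artifact, self.site_id)
        if assertion["audience"] != self.site_id:
            raise PermissionError("assertion not intended for this site")
        return assertion["subject"]  # step 7 would serve this subject
```
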
