Subject: [saml-dev] Using XACML with SAML
Considering the following scenario where SAML-pull model is used: An employee (Emp) of a company (Source site) is interested in accessing information on insurance provider's site (Dest site).

1) Emp is authenticated by Source site
2) Emp selects benefits link on Source site
3) Source site provides artifact to Emp and redirects to Dest site
4) Emp provides artifact and requests service on Dest site
5) Dest site requests SAML assertion from Source site
6) Source site provides SAML assertion
7) Dest site provides service to Emp

If XACML is to be applied to this scenario, is it Source site's responsibility to find an appropriate policy, consider rules, decide and provide the authorization decision to the Dest site (i.e. in between steps 5 and 6)?

If the answer is yes, then why are PEP/PDP shown as enforcing XACML policies and rules? Because, based on SAML Domain Model Figure (SAML spec), I am assuming that PEP/PDP are part of Destination site.

I am sure specs are correct, but I am unable to understand the logic when both SAML and XACML are to be applied to the above scenario.

I really appreciate replies to this :)

Thanks a lot...
- Raju.