OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SAML Elevator Speech


Your choice of questions is a good selection for the elevator conversation. It highlights two operations, authentication and authorization.


However, my band wagon goes along the lines of acknowledging that SAML is just a transport of information when it comes to authorization. What those attributes are can be signed and sealed, but that ends it. (Unless you are in a closed company environment and you know any requests come from YOUR authorizer who knows before  hand what your service attributes are.)

I may very well have different business rules required for authorization of services x, y and q32. So only the service provider knows what authority to make the authorizing request of. SAML has the requestors (usually user) attributes, the provider has the service attributes and the authority can assess the combination. That can not be prehandled (In My humble Opinion.)



Michael A. Barnhart

Technical Data Integrity - System Architect




From: Costello, Roger L. [mailto:costello@mitre.org]
Sent: Friday, April 21, 2006 8:33 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] SAML Elevator Speech


Hi Folks,


I am trying to boil down SAML to its essence.  Below is what I’ve come up with. 


SAML Elevator Speech


A service provider can ask an authority one of these questions:


  1. Have you authenticated this ____ subject?
  2. For this ____ subject, what are his values for these ____ attributes?
  3. Should this ____ subject be allowed to take these ____ actions on this ____ resource?



An authority can make these statements (assertions):


  1. This ____ subject was authenticated on this ____ datetime, using this ____ mechanism.
  2. This ____ subject has this ____ value for this ____ attribute.
  3. For this ____ subject, taking this ____ action on this ____ resource, the decision is ____.



Is this an accurate assessment of what you can do with SAML?  Is it complete?  /Roger

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]