Subject: RE: [saml-dev] SAML Elevator Speech

Roger,

Your choice of questions is a good selection for the elevator conversation. It highlights two operations, authentication and authorization. However, my bandwagon goes along the lines of acknowledging that SAML is just a transport of information when it comes to authorization. What those attributes are can be signed and sealed, but that ends it. (Unless you are in a closed company environment and you know any requests come from YOUR authorizer who knows beforehand what your service attributes are.)

I may very well have different business rules required for authorization of services x, y and q32. So only the service provider knows what authority to make the authorizing request of. SAML has the requestor's (usually user) attributes, the provider has the service attributes and the authority can assess the combination. That cannot be prehandled (in my humble opinion).

Michael A. Barnhart
Technical Data Integrity - System Architect
817-763-3372
michael.a.barnhart@lmco.com

From: Costello, Roger L. [mailto:costello@mitre.org]

Hi Folks,

I am trying to boil down SAML to its essence. Below is what I’ve come up with.

SAML Elevator Speech

A service provider can ask an authority one of these questions:

An authority can make these statements (assertions):

Is this an accurate assessment of what you can do with SAML? Is it complete?

/Roger