security-core message


Subject: RE: First draft of ballot questions


Tim,

>{AP-2} Questions the PEP can ask the PDP
>
>The PDP returns as much information as it can find on the Principal,
>including unsolicited attributes. It has been suggested that some PEPs
>may not be able to anticipate what attribute values are available. So,
>they would welcome whatever the PDP can discover, and select from
>that set whatever they can make use of. Personalization data was
>cited as an example. Others felt that personalization data was
>outside our scope and SAML should not concern itself with such matters.
>Some said that there is a continuum of security and personalization
>information, and it is not possible to draw a clear line between one
>type and the other.

This is a good summary of the discussion we had on the teleconference.
I was hoping and expecting, however, to get more detail on the
representation of returned information -- particularly for the case
where we might be passing back extended information (like
personalization data) and/or authorization attributes in addition to
an authZ "yes/no" decision.

Without seeing what this might look like, I feel uneasy with the
options as they stand.

I thought that we (on the teleconference) had agreed that some schema
and examples would be a good thing that would promote understanding of
the returned information case. Did I misinterpret? Or did no one
volunteer to do it? (I see that you are not of the opinion that
anything other than a yes/no decision should be returned to the PEP,
so I guess this ought not be you!)

Regards,
Marlena Erdos
IBM/Tivoli


