[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: First draft of ballot questions
Tim, >{AP-2} Questions the PEP can ask the PDP > >The PDP returns as much information as it can find on the Principal, >including unsolicited attributes. It has been suggested that some PEPs >may not be able to anticipate what attribute values are available. So, >they would welcome whatever the PDP can discover, and select from >that set whatever they can make use of. Personalization data was >cited as an example. Others felt that personalization data was >outside our scope and SAML should not concern itself with such matters. >Some said that there is a continuum of security and personalization >information, and it is not possible to draw a clear line between one >type and the other. This is a good summary of the discussion we had on the teleconference. I was hoping and expecting however to get more detail on the representation of returned information -- particularly for the case where we were might be passing back extended information (like personalization data) and/or authorization attributes in addition to an authZ "yes/no" decision. Without seeing what this might look like, I feel uneasy with the options as they stand. I thought that we (on the teleconference) had agreed that some schema and examples would be a good thing that would promote understanding of the returned information case. Did I misinterpret? Or did no one volunteer to do it? (I see that you are not of the opinion that anything other than a yes/no decision should be returned to the PEP, so I guess this ought not be you!) Regards, Marlena Erdos IBM/Tivoli
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC