
security-core message



Subject: Correspondence between assertion model and use cases model


Acting on the assumption that David Orchard's most recent document will be
accepted as consensus for the group, here is the correspondence between the
'3-corner' assertion model and the use case model.

The one piece that may be controversial is allowing a PDP to use data
generated by another PDP. I do not see how this can be avoided however since
the actions taken by the PDP are to decide policy which is out of scope in any
case, there is nothing we can do to stop a PDP relaying a request to another
party using an SAML PEP-PDP protocol.

1.1.1	Principal
A Principal is in each case the Subject of a SAML assertion.
1.1.2	Authentication Authority
An Authentication Authority is the Issue Point of a SAML authentication
assertion.
1.1.3	Attribute Authority
An Attribute Authority is the Issue Point of a SAML attribute assertion.
1.1.4	Policy Decision Point
A Policy Decision Point (PDP) is the relying party of SAML assertions issued
by authentication authorities, attribute authorities and other Policy
Decision Points. A SAML Policy Decision Point is the issue point of a SAML
decision assertion.
1.1.5	Policy Enforcement Point
A Policy Enforcement Point (PEP) is by definition the relying party of an
SAML decision assertion.


Phillip Hallam-Baker
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


