Subject: Correspondence between assertion model and use cases model
Acting on the assumption that David Orchard's most recent document will be accepted as consensus for the group, here is the correspondence between the '3-corner' assertion model and the use case model.

The one piece that may be controversial is allowing a PDP to use data generated by another PDP. I do not see how this can be avoided, however, since the actions taken by the PDP are to decide policy, which is out of scope in any case; there is nothing we can do to stop a PDP relaying a request to another party using a SAML PEP-PDP protocol.

1.1.1 Principal

A Principal is in each case the Subject of a SAML assertion.

1.1.2 Authentication Authority

An Authentication Authority is the Issue Point of a SAML authentication assertion.

1.1.3 Attribute Authority

An Attribute Authority is the Issue Point of a SAML attribute assertion.

1.1.4 Policy Decision Point

A Policy Decision Point (PDP) is the relying party of SAML assertions issued by authentication authorities, attribute authorities and other Policy Decision Points.

A SAML Policy Decision Point is the issue point of a SAML decision assertion.

1.1.5 Policy Enforcement Point

A Policy Enforcement Point (PEP) is by definition the relying party of a SAML decision assertion.

Phillip Hallam-Baker
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227