security-core message
Subject: Strawman core assertions 0.4
- From: Philip Hallam-Baker <pbaker@verisign.com>
- To: "'security-core@lists.oasis-open.org'" <security-core@lists.oasis-open.org>
- Date: Wed, 04 Apr 2001 14:46:49 -0700
Title: RE: Final text of ballot
Attached is the latest draft in doc format. NB there is important information in the comments.

The key 'export' from this document would be section 3 and the references from section 4. All other text is simply there to help explain, position etc. The folk who write those sections of the document are welcome to use the text as a rough starting point draft should they choose to.

The draft is relatively coherent until we get to section 3.7 which is the actual claims section. Here the text needs to be clarified considerably. In particular:

By what methods do we specify the principal, i.e. the subject of the assertion? I believe we need to support as a minimum:

1) By mutually agreed name, which may be specified by a URI (making it unique in an inter-domain context)
2) An account identifier, I suspect we need this in addition to the name.
3) Authentication parameters specified by means of a ds:keyinfo element

By what methods are the resource(s) specified? I believe we must support as a minimum:

1) A means of specifying a specific resource (so the PEP can query the PDP)
2) A means of specifying an unstructured attribute corresponding to a role (or similar) - expressed as a URI
3) A means of specifying a highly structured attribute (e.g. Equifax credit rating, exact details of which beyond our scope)

Phill
Phillip Hallam-Baker
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
Phillip Hallam-Baker (E-mail).vcf
draft-sstc-core-04.doc