Subject: RE: Strawman core assertions 0.4
-----Original Message-----
From: Philip Hallam-Baker [mailto:pbaker@verisign.com]
Sent: Wednesday, April 04, 2001 5:47 PM
To: 'security-core@lists.oasis-open.org'
Subject: Strawman core assertions 0.4

Attached is the latest draft in doc format. NB there is important information in the comments.

The key 'export' from this document would be section 3 and the references from section 4. All other text is simply there to help explain, position etc. The folk who write those sections of the document are welcome to use the text as a rough starting point draft should they choose to.

The draft is relatively coherent until we get to section 3.7 which is the actual claims section. Here the text needs to be clarified considerably. In particular:

By what methods do we specify the principal, i.e. the subject of the assertion. I believe we need to support as a minimum:

1) By mutually agreed name, which may be specified by a URI (making it unique in an inter-domain context)
2) An account identifier, I suspect we need this in addition to the name.
3) Authentication parameters specified by means of a ds:keyinfo element

By what methods are the resource(s) specified. I believe we must support as a minimum:

1) A means of specifying a specific resource (so the PEP can query the PDP)
2) A means of specifying an unstructured attribute corresponding to a role (or similar) - expressed as a URI
3) A means of specifying a highly structured attribute (e.g. Equifax credit rating, exact details of which beyond our scope)

Phill

Phillip Hallam-Baker
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227