OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services-comment] Hi, please help on this question about SAML

Hi, guys

I'm new to SAML, so, please help on the following questions. Thanks!

A. Questions about Figure 1 in "Asserstions and Protocol for SAML,
Committee Specification 01, 31 May 2002".

      1. There's 3 policy repositories listed at the top of the figure. Are
they all XACML policy repositories? Or only the one for 'Policy Decision
Point' is of XACML, because XACML represents authorization and entitlement
policies, not for authentication and attribute (access) policies?

      2. What do the dashed arrows mean? "Authentication Assertion" can be
input for "Attribute Authority" to make "Attribute Assertion"?

B. Question about Binding and Profile:

      1. What's the relationship and difference between Binding and
Profile, for example, SOAP Binding and SOAP Profile? The definitions sound
good, but when applying to SOAP Binding and SOAP Profile, I'm confused.

C. Question about Authentication Request:

      1. What message should be used when raising an Authentication
Request? Authentication Query seems to query the authentication acts
already performed.

D. Question about the data model which SAML applied to:

      1. The 'subject', 'resource', 'action', etc are all be described with
anyURI. The the participants in the SAML usage should  describe their
subjects, resources, actions, and other data models using URI like format,
right? For example, an XML file describing the data model of their IT
system.           And they should agree on this, right?     Why not define
a meta-model for these data model?

Thanks a lot!

Best Regards,

Yang Shunxiang, 杨顺祥
IBM China Research Lab
4F, HaoHai, #7, 5th Street, Shangdi, BEIJING, 100085, CHINA
TEL:    86-10-62986677 ext. 545
FAX:    86-10-82899634
E-mail: yangsx@cn.ibm.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC