[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] XPath Attribute Profile: Use cases
Sorry, I'm probably a bit late jumping in this thread, but could you provide arguments as to why doing this XPath profile would result in something that is better/more useful than the Liberty DST based service(s) ? Don't get me wrong, I'm not saying that a XPath profile would be a bad idea; I'm merely thinking of how such a (new) SAML Attribute Provider would compare to an ID-WSF attribute provider. Just as an example of some differences: ID-WSF has support for User Interactions; ID-WSF can do "modify". Now in some use cases these are important, in (many?) other cases not. So what would be the *use* cases that favor the SAML Attribute Provider enhanced with the XPath attribute profile ? More specifically what use cases are made possible, i.e. cannot be realized with today's standards/products, with such a profile? I mean use cases that do not presume that one has to use a SAML Attribute Provider, or Liberty, or any other standard(s). thanks, Robert > Here are some use cases I see for an xpath attribute profile. > > Use case 1: SAML attributes from existing liberty data services > Attribute Authorities can use the existing liberty data services, > employee profile (EP) and personal profile (PP), to create attribute > statements in assertions. Specifically, each leaf node can be > identified and asserted. (more nodes would be useful but the text > nodes is really what I'm after. These profiles enumerate an XPath for > each text node). > > Use case 2: SAML attributes from generic liberty data services > Attribute Authorities can use any liberty profile to create attribute > statements in assertions. This is really any XML document associated > with a user. Parts of the document can be identified and asserted. > (Conforming to the liberty data services template simply means that a > service can be queried or modified with liberty's query or modify. > Instead I'd like a way to query via SAML's attribute query.) > > Use case 3: SAML attributes from General XML documents > Attribute Authorities can use any XML document associated with the > user to create attribute statements in assertions. > > Use case 4: Query for attributes from XML documents > Query for attributes in XML documents (use cases 1-3) > > Use case 5: Advertise in meta-data attributes from XML documents > Publish available attributes derived from XML documents (use cases 1-3) > > > - Cameron > > Cameron Morris > Novell, Inc., the leading provider of Linux and identity solutions > http://www.novell.com > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]