
security-services message



Subject: Re: [security-services] XPath Attribute Profile: Use cases


Sorry, I'm probably a bit late jumping in this thread, but could you 
provide arguments as to why doing this XPath profile would result in 
something that is better/more useful than the Liberty DST based 
service(s)? Don't get me wrong, I'm not saying that an XPath profile 
would be a bad idea; I'm merely thinking of how such a (new) SAML 
Attribute Provider would compare to an ID-WSF attribute provider.
Just as an example of some differences: ID-WSF has support for User 
Interactions; ID-WSF can do "modify". Now in some use cases these are 
important, in (many?) other cases not.
So what would be the *use* cases that favor the SAML Attribute Provider 
enhanced with the XPath attribute profile? More specifically what use 
cases are made possible, i.e. cannot be realized with today's 
standards/products, with such a profile?  I mean use cases that do not 
presume that one has to use a SAML Attribute Provider, or Liberty, or 
any other standard(s).

thanks, Robert

> Here are some use cases I see for an xpath attribute profile.
>  
> Use case 1: SAML attributes from existing Liberty data services
> Attribute Authorities can use the existing Liberty data services, 
> employee profile (EP) and personal profile (PP), to create attribute 
> statements in assertions.  Specifically, each leaf node can be 
> identified and asserted.  (More nodes would be useful, but the text 
> nodes are really what I'm after.  These profiles enumerate an XPath for 
> each text node.)
>  
> Use case 2: SAML attributes from generic Liberty data services
> Attribute Authorities can use any Liberty profile to create attribute 
> statements in assertions.  This is really any XML document associated 
> with a user.  Parts of the document can be identified and asserted.  
> (Conforming to the Liberty data services template simply means that a 
> service can be queried or modified with Liberty's query or modify. 
>  Instead I'd like a way to query via SAML's attribute query.)
>  
> Use case 3: SAML attributes from General XML documents
> Attribute Authorities can use any XML document associated with the 
> user to create attribute statements in assertions.
>  
> Use case 4: Query for attributes from XML documents
> Query for attributes in XML documents (use cases 1-3)
>  
> Use case 5: Advertise in meta-data attributes from XML documents
> Publish available attributes derived from XML documents (use cases 1-3)
>  
>  
> - Cameron
>
> Cameron Morris
> Novell, Inc., the leading provider of Linux and identity solutions
> http://www.novell.com
>
>
>


