OASIS Mailing List Archives

security-services message



Subject: OGF document released for public comment: "Use of XACML RequestContext..."


I'm queueing up this citation for reference in the Daily Newslink
newsletter [1].  It's of possible interest to XACML and SAML TC members.

This document was released by OGF for public comment:

"Use of XACML Request Context to Obtain an Authorisation Decision"

Open Grid Forum (OGF) Proposed Recommendation
Edited by: David W. Chadwick, Linying Su, Romain Laborde
  (University of Kent, Information Systems Security Group)
Produced by: OGSA Authorization WG (OGSA-AUTHZ-WG)
   http://www.ogf.org/gf/group_info/view.php?group=ogsa-authz-wg
OGF Area: Security

End of comment period: August 13, 2008
Document date: 31-March-2008
Extent: 12 pages
Document type: P-REC (Proposed Recommendation)
Document URI: http://www.ogf.org/Public_Comment_Docs/Documents/2008-06/XACMLContextProfile0-5.pdf
Comment URI: http://www.ogf.org/gf/docs/comment.php?id=262

Abstract

The purpose of this document is to specify a protocol for
accessing a Policy Decision Point (PDP) by a Grid Policy
Enforcement Point (PEP) in order to obtain access control
decisions containing obligations. The protocol is a profile
of the SAML2.0 profile of XACML, tailored especially for grid
use.

This document describes how an XACML request context can be
created and transferred by a Grid Policy Enforcement Point
(PEP) to a Policy Decision Point (PDP) in order to obtain
authorisation decisions (possibly including obligations)
for Grid applications. The XACML request context contains
attributes of the subject, resource, action and environment,
and is transported to the PDP in a SAMLv2 request message.
The XACML response context contains an authorization
decision and optional obligations that must be enforced by
the PEP, either before, with or after enforcement of the
user's request.

-- Robin Cover

[1] http://xml.coverpages.org/newsletterArchive.html

Robin Cover
OASIS, Chief Information Architect
Editor, Cover Pages and XML Daily Newslink
http://xml.coverpages.org/


