OASIS Mailing List Archives

security-use message


Subject: Requirement for Isolated Request for Authorization Attributes

In last week's Core Assertions concall there was some discussion about the
idea of requesting Authorization Attributes for a user who is not currently
logged in. I have a recollection of someone on a Use Case concall a few
weeks ago saying this was an important requirement. Unfortunately I do not
remember who it was. It was pointed out that the current use cases do not
contain this element.

Obviously a request of this type could be used as a performance
optimization, but does someone have another scenario in mind? I hope no one
is planning to use SAML for provisioning. Based on current thinking, I don't
think this will work.

As I was writing this, I realized that perhaps what was intended was a
business transaction scenario, for example: UC-2-08:ebXML, currently in the
issues list. In this case, the PDP may retrieve the Authorization Attributes
after having received an ebXML message from the user.

Are there any other use cases which involve the request of Authorization
Attributes when an Authentication Assertion has not previously been issued?

