RE: Requirement for Isolated Request for Authorization Atributes

["Orchard, David" <dorchard@jamcracker.com>]

Pardon my gross ignorance, but is requesting authorization attributes
roughly equivalent to requesting policies?  So would it be that SAML defines
a carrier for whatever XACL defines for ACLs?

Dave

> -----Original Message-----
> From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> Sent: Monday, March 12, 2001 7:19 AM
> To: 'security-use@lists.oasis-open.org';
> 'security-core@lists.oasis-open.org'
> Subject: Requirement for Isolated Request for Authorization Atributes
> 
> 
> In last week's Core Assertions concall there was some 
> discussion about the
> idea of requesting Authorization Attributes for a user who is 
> not currently
> logged in. I have a recollection of someone on a Use Case 
> concall a few
> weeks ago saying this was an important requirement. 
> Unfortunately I do not
> remember who it was. It was pointed out that the current use 
> cases do not
> contain this element.
> 
> Obviously a request of this type could be used as a performance
> optimization, but does someone have another scenario in mind? 
> I hope no one
> is planning to use SAML for provisioning. Based on current 
> thinking, I don't
> think this will work.
> 
> As I was writing this, I realized that perhaps what was intended was a
> business transaction scenario, for example: UC-2-08:ebXML, 
> currently in the
> issues list. In this case, the PDP may retrieve the 
> Authorization Attributes
> after having received an ebXML message from the user.
> 
> Are there any other use cases which involve the request of 
> Authorization
> Attributes when an Authentication Assertion has not 
> previously been issued?
> 
> Hal
> 
> 
> 
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: 
> security-use-request@lists.oasis-open.org
>