OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: PROPOSED TEXT: Issue Group 11: Authorization Use Case

I've rewritten this, based on email from Prateek and discussion during
various conference calls.

 - irving -

Issue Group 11:

ISSUE:[UC-11-01:AuthzUseCase] Use Case 2 in Strawman 3
03.html) describes the use of SAML for the conversation between a Policy
Enforcement Point (PEP) and a Policy Decision Point (PDP), in which the PEP
sends a request describing a particular action (such as 'A client presenting
the attached SAML data wishes to read http://foo.bar/index.html'), and the
PDP replies with an Authorization Decision Assertion instructing the PEP to
allow or deny that request.

Proposed Resolutions:

1) Continue to include this use case.

2) Remove this use case.

ISSUE:[UC-11-02:AuthzFirstContact] A second scenario for the Authorization
use case combines first contact single-sign-on
(ISSUE:[UC-1-05:FirstContact]), authentication
(ISSUE:[UC-5-01:AuthCProtocol]) and authorization.

Scenario 2.2: Authorization Service, First Contact with Authentication

In this scenario, the client makes contact only with the application; there
is not a separate authentication phase between the user and the security


I'd like to withdraw this proposed scenario and corresponding issue. This
scenario is based on the assumption that what I have called 'Login' is
within the SAML scope. Since it is not, Scenario 2.2 becomes identical to
Scenario 2.1. The initiating entity must perform a separate, non-SAML login
to the security system.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC