Subject: PROPOSED TEXT: Issue Group 11: Authorization Use Case
I've rewritten this, based on email from Prateek and discussion during various conference calls.

- irving -

----------------------------------------------------------

Issue Group 11:

ISSUE:[UC-11-01:AuthzUseCase]

Use Case 2 in Strawman 3 (http://www.oasis-open.org/committees/security/docs/draft-sstc-use-strawman-03.html) describes the use of SAML for the conversation between a Policy Enforcement Point (PEP) and a Policy Decision Point (PDP), in which the PEP sends a request describing a particular action (such as 'A client presenting the attached SAML data wishes to read http://foo.bar/index.html'), and the PDP replies with an Authorization Decision Assertion instructing the PEP to allow or deny that request.

Proposed Resolutions:

1) Continue to include this use case.
2) Remove this use case.

------------------------------------------------------------

ISSUE:[UC-11-02:AuthzFirstContact]

A second scenario for the Authorization use case combines first contact single-sign-on (ISSUE:[UC-1-05:FirstContact]), authentication (ISSUE:[UC-5-01:AuthCProtocol]) and authorization.

Scenario 2.2: Authorization Service, First Contact with Authentication

In this scenario, the client makes contact only with the application; there is not a separate authentication phase between the user and the security system.

** WITHDRAWN **

I'd like to withdraw this proposed scenario and corresponding issue. This scenario is based on the assumption that what I have called 'Login' is within the SAML scope. Since it is not, Scenario 2.2 becomes identical to Scenario 2.1. The initiating entity must perform a separate, non-SAML login to the security system.