OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] SAML TP and AuthorizationDecisionStatements


The profile is intended to be applicable to all SAML statements that
may be confirmed according to one of the profiled conf methods.

The STP doesn not describe the correlelation between an 
and the target of the SOAP request. This seems like something that would 
be useful and
perhaps we can find some existing work on the the mapping you are 
suggesting within the
the XACML or SAML TC's.

I think it may be that the correlation of the decision statement to the 
request should
be done by the PEP separately from the validation of the confirmation 
method (as
described by te STP).


Maneesh Sahu wrote:

> Hi,
> I had some additional questions about the SAML TP:
> -          Are AttributeStatements the only statements pertinent to 
> the SAML TP?
> -          Are AuthenticationStatements and 
> AuthorizationDecisionStatements useful in the WSS scenarios?
> -          If AuthorizationDecisionStatements are applicable to WSS, 
> how does one specify a fine-grained Web Services resource in the 
> Statement? The SAML spec specifies simple HTTP endpoints. How can one 
> specify a particular operation with a particular SOAP-Action URI at a 
> particular endpoint as the targeted resource?
> --ms

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]