[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] SAML TP and AuthorizationDecisionStatements
Manesh, The profile is intended to be applicable to all SAML statements that may be confirmed according to one of the profiled conf methods. The STP doesn not describe the correlelation between an AuthorizationDecisionStatment and the target of the SOAP request. This seems like something that would be useful and perhaps we can find some existing work on the the mapping you are suggesting within the the XACML or SAML TC's. I think it may be that the correlation of the decision statement to the request should be done by the PEP separately from the validation of the confirmation method (as described by te STP). Ron Maneesh Sahu wrote: > Hi, > > I had some additional questions about the SAML TP: > > > > - Are AttributeStatements the only statements pertinent to > the SAML TP? > > - Are AuthenticationStatements and > AuthorizationDecisionStatements useful in the WSS scenarios? > > - If AuthorizationDecisionStatements are applicable to WSS, > how does one specify a fine-grained Web Services resource in the > Statement? The SAML spec specifies simple HTTP endpoints. How can one > specify a particular operation with a particular SOAP-Action URI at a > particular endpoint as the targeted resource? > > > > --ms >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]