[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] Benefits/limitations of SAML vs. XACML Context
Hi. We're currently modifying our application to use make use of XACML policies to make authorization decisions. For the time being, I'm developing a simple prototype Context Handler/PDP. In our original design, we planned on sending SAML requests from our application (PEP) to the PDP. After looking into mapping from SAML to XACML Context, I've found some limitations in SAML including the fact that the only the resource URI can be specified. There doesn't seem to be any way to specify multiple attributes on the resource, which XACML Context supports. Similarly for the Action. My questions are: a) whether there is any way to support multiple attributes for resource/action in the SAML request and b) whether there is any reason to use SAML in this context, or whether I should just send XACML Context Requests from our application. Given that we are designing both the PEP and PDP, using XACML Context instead of SAML may be our best option. I apologize if this veers slightly from XACML towards SAML, but I didn't want to cross post and I figured that the XACML might have some opinions on the matter. Thanks. Wes
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC