
xacml-comment message


Subject: [xacml-comment] Benefits/limitations of SAML vs. XACML Context


We're currently modifying our application to make use of XACML policies
to make authorization decisions. For the time being, I'm developing a simple
prototype Context Handler/PDP. In our original design, we planned on sending
SAML requests from our application (PEP) to the PDP. After looking into
mapping from SAML to XACML Context, I've found some limitations in SAML
including the fact that only the resource URI can be specified. There
doesn't seem to be any way to specify multiple attributes on the resource,
which XACML Context supports. Similarly for the Action. My questions are:

a) whether there is any way to support multiple attributes for
resource/action in the SAML request and
b) whether there is any reason to use SAML in this context, or whether I
should just send XACML Context Requests from our application.

Given that we are designing both the PEP and PDP, using XACML Context
instead of SAML may be our best option.

I apologize if this veers slightly from XACML towards SAML, but I didn't
want to cross post and I figured that the XACML might have some opinions on
the matter.
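
The trade-off raised in the message, as an added example that is not part of the original post: it builds an XACML Context Request carrying several resource and action attributes, then lists what a query limited to one resource URI and an action name (the limitation the message describes) would fail to carry to the PDP. It assumes the XACML 1.0 context namespace and standard attribute identifiers; the `urn:example:*` attribute ids, the sample values and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: XACML 1.0 context namespace and standard attribute identifiers.
XACML_CTX = "urn:oasis:names:tc:xacml:1.0:context"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
ET.register_namespace("xacml-context", XACML_CTX)

def build_xacml_request(subject, resource, action):
    """Build a context Request; each argument maps AttributeId -> string value."""
    req = ET.Element(f"{{{XACML_CTX}}}Request")
    for tag, attrs in (("Subject", subject), ("Resource", resource), ("Action", action)):
        section = ET.SubElement(req, f"{{{XACML_CTX}}}{tag}")
        for attr_id, value in attrs.items():
            attr = ET.SubElement(section, f"{{{XACML_CTX}}}Attribute",
                                 AttributeId=attr_id, DataType=XS_STRING)
            ET.SubElement(attr, f"{{{XACML_CTX}}}AttributeValue").text = value
    return req

def saml_style_view(subject, resource, action):
    """Model the limitation described in the message: the query keeps only the
    subject, one resource URI and the action name; other attributes are dropped."""
    kept = {"Subject": subject[SUBJECT_ID],
            "Resource": resource[RESOURCE_ID],
            "Action": action[ACTION_ID]}
    dropped = sorted(a for attrs, keep in ((resource, RESOURCE_ID), (action, ACTION_ID))
                     for a in attrs if a != keep)
    return kept, dropped

# Constructed sample input; the urn:example:* identifiers are hypothetical.
SUBJECT = {SUBJECT_ID: "alice@example.com"}
RESOURCE = {RESOURCE_ID: "https://app.example.com/records/42",
            "urn:example:resource:owner": "bob@example.com",
            "urn:example:resource:classification": "confidential"}
ACTION = {ACTION_ID: "read", "urn:example:action:channel": "web"}

if __name__ == "__main__":
    print(ET.tostring(build_xacml_request(SUBJECT, RESOURCE, ACTION), encoding="unicode"))
    kept, dropped = saml_style_view(SUBJECT, RESOURCE, ACTION)
    print("carried by SAML-style query:", kept)
    print("not expressible, so invisible to policy:", dropped)
```

Any policy rule that matches on a dropped attribute, such as the resource classification here, cannot be evaluated from the reduced query alone.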


