OASIS Mailing List Archives

xacml-dev message


Subject: Re: [xacml-dev] attribute retrieval protocol


I may not be fully understanding your use case, but the SAML Profile of XACML
describes how to use SAML Attribute Queries to get attributes, and describes
how to map the responses into XACML Attributes.  The SAML schema for these
queries and responses can be used by an XACML Context Handler to request
attributes from some other entity in the network (the application, an
Attribute Authority, etc.).

Anne Anderson

>This is related to the remote PDP problem. If there are not enough
>attributes in the request, how does the PDP find them?
>There's no XML schema to request an attribute. According to the spec, the
>context handler finds attributes. How is this going to work in the network?
>I thought if there were an XML schema to request an attribute, then this
>could work better in a Web environment. A client sends an XACML Request to
>the PDP server. Currently, it expects to get an XACML Response with a decision.
>  What if we change the Response contract, making it return a request for
>additional information? There'll be an XACML schema for a response with such
>a request.
>1. Request goes to PDP
>2. Response from PDP contains a request for additional information. It
>also has a sessionId.
>3. New Request with additional info goes to PDP; it contains the sessionId
> from the previous step, so the PDP knows that this is for an existing request.
>4. Response from PDP contains a decision.
>Basically, this is almost the same as how it works now; the difference is
>that the request to the ContextHandler for other attributes has its own XML schema.
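
The four-step exchange proposed in the quoted message, sketched as an added example that is not part of the original thread or of any XACML specification. The class, field names, attribute names and policy are hypothetical; it assumes a session is single-use and that a follow-up may only add attributes, not replace ones already sent.

```python
import uuid

# Hypothetical policy: Permit only when the subject's role is "doctor".
REQUIRED = ("subject-id", "role")


class ToyPDP:
    """Toy PDP for the four-step exchange; not an XACML implementation."""

    def __init__(self):
        self._pending = {}  # sessionId -> attributes received in step 1

    def evaluate(self, attributes, session_id=None):
        if session_id is not None:
            # Step 3: a follow-up must reference a session this PDP opened.
            if session_id not in self._pending:
                return {"decision": "Indeterminate", "error": "unknown session"}
            # pop() makes the session single-use; attributes from the
            # first request win over anything resent in the follow-up.
            merged = {**attributes, **self._pending.pop(session_id)}
        else:
            merged = dict(attributes)  # Step 1: fresh request

        missing = [name for name in REQUIRED if name not in merged]
        if missing:
            # Step 2: no decision yet; ask for more and hand out a sessionId.
            sid = uuid.uuid4().hex
            self._pending[sid] = merged
            return {"decision": None, "missing": missing, "sessionId": sid}

        # Step 4: every required attribute is present, so decide.
        return {"decision": "Permit" if merged["role"] == "doctor" else "Deny"}


def run_exchange(pdp, first_request, attribute_source):
    """Client side of steps 1-4; attribute_source maps names to values."""
    resp = pdp.evaluate(first_request)
    if resp["decision"] is None:
        extra = {n: attribute_source[n] for n in resp["missing"]
                 if n in attribute_source}
        resp = pdp.evaluate(extra, session_id=resp["sessionId"])
    return resp


if __name__ == "__main__":
    # Constructed sample input.
    print(run_exchange(ToyPDP(), {"subject-id": "alice"}, {"role": "doctor"}))
```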
