xacml-dev message
Subject: questions on the SAML profile for XACML.
- From: "Shawn Ma" <sma@bea.com>
- To: <xacml-dev@lists.oasis-open.org>
- Date: Fri, 6 Jan 2006 15:09:36 +0800

Hi all,

I'm trying to do something with the SAML profile for XACML, but found some confusing questions.

1. The SAML profile for XACML specifies an element <XACMLAuthzDecisionQuery>, which is a replacement for the <samlp:AuthzDecisionQuery> element. In section 6 of that spec, there's a requirement saying "An <XACMLAuthzDecisionQuery> or <XACMLPolicyQuery> SHALL be encapsulated in a <samlp:RequestAbstractType> element, which MAY be signed."

My question is: the samlp:RequestAbstractType in SAML 2.0 is not an element, it is just a type, so how can an XACML query be put in such an element/type?

In other words, how do I fill in the 'ELEMENT_NAME' in the following SOAP call? <XACMLAuthzDecisionQuery>?

    <SOAP-ENV:Body>
      <samlp:ELEMENT_NAME xmlns:… ID="123456" Version="2.0"…>
        <ds:Signature>…</ds:Signature>
        <xacml-context:Request xmlns:xacml-context="…">
          …<Action>…<Subject>…
        </xacml-context:Request>
      </samlp:ELEMENT_NAME>
    </SOAP-ENV:Body>

2. In the response, the <XACMLAuthzDecisionStatement>, as a replacement for <samlp:AuthzDecisionStatement>, is stated to be put in a <saml:Assertion>. But the <saml:Assertion> by schema can't contain an <XACMLAuthzDecisionStatement> directly. Does this mean that the <XACMLAuthzDecisionStatement> should be put in a <saml:Statement> with xsi:type like this?

    <saml:Assertion>
      ...
      <saml:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatement">
        <xacml-saml:Response>....
      </....>

3. Why so complicated? Why don't we just have a SOAP profile for XACML, so we can directly put <xacml-context:Request> and <xacml-context:Response> in a SOAP body? I'm a bit curious.

Thanks,
Shawn