[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] XACML and Certificate Based Authentificationwith SAML
On Thu, 2009-11-12 at 12:32 +0100, Martin Schneider wrote: > Hello list, > .... > - authz decision, permit / deny > > My first question is about the authz decision. When SAML authority > says "permit", why would I ask an XACML PDP for his decision? This is probably some leftover from the time where SAML and XACML had some overlap concerning authorization. According to my understanding the use of the authz statement in SAML has been discontinued/deprecated in favor of the XACML request/response format. So you should use XACML for authz decisions and SAML for auth and attribute statements. See the saml-core-2.0 spec page 31 section 2.7.4 for the official statement on this. Hope it helps, Ludwig Seitz -- Ludwig Seitz, PhD | Axiomatics AB Training & Development | Electrum 223 Phone: +46 (0)760 44 22 91 | S-164 40 Kista, Sweden Mail: ludwig@axiomatics.com |
This is a digitally signed message part
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]