OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Delegation?

Has anybody thought about how delegation can be reasoned about in XACML?

It appears that SAML only asserts a flat list of attributes with a single
principal, or am I off base here?

Can I support policies on such operations as:

Paul for Peter says debit Peter's account?

Which mean that Paul (or some other party trusted to do so) has issued
Paul the authorization to act on behalf of Peter, in this case to access
Peter's account.

Or such things, like

WebServer quoting JohnDoe says lookup  in customer database.

Where the WebServer may be trusted to authenticate JohnDoe, but no such
proof is necessary other than the WebServer merely claiming to be acting
on JohnDoe's behalf?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC