Subject: Re: [xacml] Potential SAML issues
Hello,

Sekhar Vajjhala - Sun Microsystems wrote:
> ISSUE: saml:Action is a "string"
>
> saml:Action is currently specified as a "string". Making Action
> an abstract type would allow it to be extended. This would allow
> the content model to be defined by a schema external to the SAML
> spec.
>
> Thus what constitutes an action could be determined by the J2SE
> schema.

In SAML, saml:Action is used only in saml:Actions, and saml:Actions
has Namespace as an attribute. So it is possible to write action(s)
such as:

  <saml:Actions Namespace="urn:J2SEPermission:java.io.FilePermission">
    <saml:Action>write</saml:Action>
  </saml:Actions>

or

  <saml:Actions Namespace="urn:J2SEPermission">
    <saml:Action>java.io.FilePermission:write</saml:Action>
  </saml:Actions>

But it will be useful if we can write something like:

  <saml:Action>
    <J2SEPermission class="java.io.FilePermission">write</J2SEPermission>
  </saml:Action>

> ISSUE: saml:AuthorizationQuery requires actions.
>
> If actions are optional for XACML, then why should <saml:Actions>
> be required in <saml:AuthorizationQuery> ? Both the wording in
> the SAML assertions draft as well as the SAML schema place
> such a requirement. saml:Actions should be optional in the
> AuthorizationQuery to accommodate queries without actions.
>
> At least for now, I don't anticipate this as an issue for J2SE.

In the latest SAML spec (core-25), the AuthorizationDecisionQuery
element has a Resource attribute and an Actions element, and both of
them are "required". Does this cause many problems? (The Resource
attribute is "optional" for the AuthorizationDecisionStatement
element.)

As for the J2SE case, I think there is an issue in terminology.
Sekhar wrote:

| A J2SE permission consists of
|
| a. target ("resource" in XACML terminology )
| b. action (optional)

(http://lists.oasis-open.org/archives/xacml/200112/msg00045.html)

In the example of FilePermission, everyone will agree that "/tmp/*"
indicates resources (targets) and "read,write" indicates action(s).

In regard to AWTPermission, the J2SE document says:

| This is in the same spirit as the RuntimePermission; it's a
| permission without actions. The targets for this class are:
|
| accessClipboard
| accessEventQueue
| listenToAllAWTEvents
| showWindowWithoutWarningBanner

(http://java.sun.com/j2se/1.4/docs/guide/security/spec/security-spec.doc3.html#20327)

It says that "accessClipboard" is a target; however, I think it is
possible to say "accessClipboard" is an action (in XACML terminology).

> ISSUE: single subject in AuthorizationQuery
>
> saml:AuthorizationQuery currently only contains a single
> Subject. While a saml:Subject can support multiple NameIdentifier
> or SubjectConfirmation or AssertionSpecifier elements, it
> is required that they all belong to the same principal. So
> a single subject cannot be used for unrelated principals.
>
> In J2SE, there is a need to base access control on multiple
> principals which are not related and this therefore points
> to a need for more than one Subject in the saml:AuthorizationQuery
>
> NOTE: The way out of this appears to be extend
> SubjectQueryAbstractType.

Is this the same issue as ISSUE:[DS-11-01:MultipleSubjectAssertions]
in draft-sstc-saml-issues-06.pdf?

Regards,
Toshi
---
NISHIMURA Toshihiro (FAMILY Given) nishimura.toshi@jp.fujitsu.com
XML Application Technology Dept., PROJECT-A XML, FUJITSU LIMITED
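As an added example, not code from the thread or from the SAML/XACML work it discusses, the Python below decodes the two saml:Actions Namespace conventions shown in the message above into J2SE-style (class, action) pairs and enforces the core-25 point that Resource and Actions are both required, rejecting anything else rather than defaulting it. The SAML 1.0 namespace URIs and the samlp:AuthorizationDecisionQuery element name are assumptions; the urn:J2SEPermission prefix is taken from the message's own constructed examples.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 1.0 namespace URIs; the core-25 draft discussed in the
# thread may have used different ones.
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
SAMLP = "{urn:oasis:names:tc:SAML:1.0:protocol}"
# Constructed prefix mirroring the thread's "urn:J2SEPermission" examples.
PERM_PREFIX = "urn:J2SEPermission"

def to_j2se(namespace, action):
    """Map one (Actions/@Namespace, Action text) pair to (class, action).
    Form 1: Namespace="urn:J2SEPermission:java.io.FilePermission", Action "write".
    Form 2: Namespace="urn:J2SEPermission", Action "java.io.FilePermission:write".
    Any other namespace is rejected, never silently treated as a permission.
    """
    if namespace == PERM_PREFIX:
        cls, sep, act = action.partition(":")
        if not (sep and cls and act):
            raise ValueError("form 2 action must be 'class:action', got %r" % action)
        return cls, act
    if namespace.startswith(PERM_PREFIX + ":"):
        cls = namespace[len(PERM_PREFIX) + 1:]
        if not (cls and action):
            raise ValueError("form 1 needs a class in Namespace and a non-empty Action")
        return cls, action
    raise ValueError("unsupported Actions Namespace %r" % namespace)

def decode_query(xml_text):
    """Return (Resource, [(class, action), ...]) from an AuthorizationDecisionQuery.
    Resource and Actions are both required in the draft the thread cites, so a
    query missing either is rejected rather than given a default.
    """
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "AuthorizationDecisionQuery":
        raise ValueError("expected samlp:AuthorizationDecisionQuery, got %r" % root.tag)
    resource = root.get("Resource")
    actions_el = root.find(SAML + "Actions")
    if resource is None or actions_el is None:
        raise ValueError("Resource attribute and saml:Actions are both required")
    namespace = actions_el.get("Namespace")
    if namespace is None:
        raise ValueError("saml:Actions needs a Namespace attribute")
    perms = [to_j2se(namespace, (a.text or "").strip())
             for a in actions_el.findall(SAML + "Action")]
    if not perms:
        raise ValueError("saml:Actions must contain at least one saml:Action")
    return resource, perms
```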