
Subject: [xacml] SAML to XACML Context sample transformation


I wrote a sample XSLT transformation that transforms SAML:Request into
XACML:Context that I proposed the other day. The XACML Context syntax is a
little different from what Simon proposed before, but I think it is not
difficult to change this to other XACML Context syntax. I used the
SAML:Request described in the XACML draft v0.13 page 10 (3.3 Example
authorization decision request) with a couple of corrections (e.g. a wrong
element name not used in the latest SAML spec). Note this sample
transformation does not support the full SAML:Request spec and may not work
correctly in some cases. It generates the following XACML Context. I
attached two files: SAML-XACMLContext.xsl and SAMLRequest.xml.

<?xml version="1.0" encoding="UTF-8"?>
<RequestContext xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-28.xsd"
                xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-28.xsd">
  <ContextPrincipal>
    <Principal PrincipalType="RequestingUser">
      <Attribute AttributeName="NameIdentifier" AttributeNamespace="//medico.com">Julius Hibbert</Attribute>
      <Attribute AttributeName="AuthenticationInstant">2002-03-08T08:23:45-05:00</Attribute>
      <Attribute AttributeName="AuthenticationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-28/password-sha1</Attribute>
      <Attribute AttributeName="ConfirmationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-24/artifact</Attribute>
      <Attribute AttributeName="IPAddress">217.57.95.242</Attribute>
      <Attribute AttributeName="role" AttributeNamespace="//medico.com">physician</Attribute>
    </Principal>
  </ContextPrincipal>
  <ContextResource>
    <Resource ResourceType="XML">
      <Attribute AttributeName="ResourceURI">//medico.com/record/patient[@patientName/first='Bartholomew'][@patientName/last='Simpson']/patientDoB</Attribute>
    </Resource>
  </ContextResource>
  <ContextAction>
    <Action ActionType="XMLAction">
      <Attribute AttributeName="read"/>
    </Action>
  </ContextAction>
</RequestContext>

(See attached file: SAML-XACMLContext.xsl) (See attached file: SAMLRequest.xml)
Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
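The SAML:Request to XACML Context mapping the message describes, as an added Python example: this is not the poster's XSLT, the input document is constructed as an assumption about what SAMLRequest.xml contains (element and attribute names follow the draft SAML 1.0 schema), and the output follows the RequestContext layout shown in the message.

```python
import xml.etree.ElementTree as ET
SAMLP = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-28.xsd"
SAML = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-28.xsd"
CORE = "http://www.oasis-open.org/committees/security/docs/draft-sstc-core-28"
NS = {"samlp": SAMLP, "saml": SAML}
# Constructed input (an assumption about what SAMLRequest.xml contains), using the element
# names of the draft SAML 1.0 schema; the Evidence assertion is reduced to its two statements.
SAML_REQUEST = f"""<samlp:Request xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">
<samlp:AuthorizationDecisionQuery Resource="//medico.com/record/patient[@patientName/first='Bartholomew'][@patientName/last='Simpson']/patientDoB">
 <saml:Subject><saml:NameIdentifier NameQualifier="//medico.com">Julius Hibbert</saml:NameIdentifier>
  <saml:SubjectConfirmation><saml:ConfirmationMethod>{CORE}/artifact</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>
 <saml:Action Namespace="urn:example:xml-actions">read</saml:Action>
 <saml:Evidence><saml:Assertion>
  <saml:AuthenticationStatement AuthenticationMethod="{CORE}/password-sha1" AuthenticationInstant="2002-03-08T08:23:45-05:00">
   <saml:SubjectLocality IPAddress="217.57.95.242"/></saml:AuthenticationStatement>
  <saml:AttributeStatement><saml:Attribute AttributeName="role" AttributeNamespace="//medico.com">
   <saml:AttributeValue>physician</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></saml:Evidence></samlp:AuthorizationDecisionQuery></samlp:Request>"""

def add_attr(parent, name, value, namespace=None):
    """Append an XACML <Attribute>; AttributeNamespace is set only when the source had one."""
    a = ET.SubElement(parent, "Attribute", AttributeName=name)
    if namespace:
        a.set("AttributeNamespace", namespace)
    a.text = value

def saml_to_xacml_context(saml_xml):
    """Map the AuthorizationDecisionQuery onto the RequestContext layout shown in the post."""
    q = ET.fromstring(saml_xml).find("samlp:AuthorizationDecisionQuery", NS)
    ctx = ET.Element("RequestContext")
    p = ET.SubElement(ET.SubElement(ctx, "ContextPrincipal"), "Principal", PrincipalType="RequestingUser")
    nid = q.find("saml:Subject/saml:NameIdentifier", NS)
    add_attr(p, "NameIdentifier", nid.text, nid.get("NameQualifier"))  # NameQualifier -> AttributeNamespace
    auth = q.find(".//saml:AuthenticationStatement", NS)  # statement carried in the Evidence assertion
    if auth is not None:
        for n in ("AuthenticationInstant", "AuthenticationMethod"):
            add_attr(p, n, auth.get(n))
        loc = auth.find("saml:SubjectLocality", NS)
        if loc is not None and loc.get("IPAddress"):
            add_attr(p, "IPAddress", loc.get("IPAddress"))
    cm = q.find("saml:Subject/saml:SubjectConfirmation/saml:ConfirmationMethod", NS)
    if cm is not None:
        add_attr(p, "ConfirmationMethod", cm.text)
    for a in q.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        add_attr(p, a.get("AttributeName"), a.findtext("saml:AttributeValue", namespaces=NS), a.get("AttributeNamespace"))
    res = ET.SubElement(ET.SubElement(ctx, "ContextResource"), "Resource", ResourceType="XML")
    add_attr(res, "ResourceURI", q.get("Resource"))
    act = ET.SubElement(ET.SubElement(ctx, "ContextAction"), "Action", ActionType="XMLAction")
    for a in q.findall("saml:Action", NS):
        ET.SubElement(act, "Attribute", AttributeName=a.text)  # the action name becomes the attribute name
    return ctx
```

`ET.tostring(saml_to_xacml_context(SAML_REQUEST), encoding="unicode")` serializes the result; a query without an Evidence assertion yields a principal with only the NameIdentifier, which is why the authentication and attribute lookups are guarded.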
