Subject: [xacml] SAML to XACML Context sample transformation
I wrote a sample XSLT transformation that transforms SAML:Request into XACML:Context that I proposed the other day. The XACML Context syntax is a little different from what Simon proposed before, but I think it is not difficult to change this to another XACML Context syntax.

I used the SAML:Request described in the XACML draft v0.13, page 10 (3.3 Example authorization decision request), with a couple of corrections (e.g. a wrong element name not used in the latest SAML spec). Note that this sample transformation does not support the full SAML:Request spec and may not work correctly in some cases.

It generates the following XACML Context. I attached two files: SAML-XACMLContext.xsl and SAMLRequest.xml.

<?xml version="1.0" encoding="UTF-8"?>
<RequestContext
    xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-28.xsd"
    xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-28.xsd">
  <ContextPrincipal>
    <Principal PrincipalType="RequestingUser">
      <Attribute AttributeName="NameIdentifier" AttributeNamespace="//medico.com">Julius Hibbert</Attribute>
      <Attribute AttributeName="AuthenticationInstant">2002-03-08T08:23:45-05:00</Attribute>
      <Attribute AttributeName="AuthenticationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-28/password-sha1</Attribute>
      <Attribute AttributeName="ConfirmationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-24/artifact</Attribute>
      <Attribute AttributeName="IPAddress">217.57.95.242</Attribute>
      <Attribute AttributeName="role" AttributeNamespace="//medico.com">physician</Attribute>
    </Principal>
  </ContextPrincipal>
  <ContextResource>
    <Resource ResourceType="XML">
      <Attribute AttributeName="ResourceURI">//medico.com/record/patient [@patientName/first='Bartholomew'][@patientName/last ='Simpson']/patientDoB</Attribute>
    </Resource>
  </ContextResource>
  <ContextAction>
    <Action ActionType="XMLAction">
      <Attribute AttributeName="read"/>
    </Action>
  </ContextAction>
</RequestContext>

(See attached file: SAML-XACMLContext.xsl)(See attached file: SAMLRequest.xml)

Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642
Fax +81 (46) 273-7428
Attachment:
SAML-XACMLContext.xsl
Description: Binary data
Attachment:
SAMLRequest.xml
Description: Binary data
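
The mapping this message describes, written out as an added Python example; it is not the attached XSLT (which is not reproduced on this page) and not the author's code. The input is a constructed, simplified SAML-style request whose element names are assumptions, and the output follows the RequestContext syntax shown in the message.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified SAML-style request: no namespaces, and the element
# names are assumptions for this example, not the draft-28 schema.
SAMPLE_REQUEST = """<Request>
 <AuthorizationDecisionQuery Resource="//medico.com/record/patient/patientDoB">
  <Subject><NameIdentifier SecurityDomain="//medico.com">Julius Hibbert</NameIdentifier></Subject>
  <Actions><Action>read</Action></Actions>
  <Evidence><AttributeStatement>
   <Attribute AttributeName="role" AttributeNamespace="//medico.com">
    <AttributeValue>physician</AttributeValue>
   </Attribute>
  </AttributeStatement></Evidence>
 </AuthorizationDecisionQuery>
</Request>"""

def add_attr(parent, name, value=None, namespace=None):
    """Append one <Attribute> in the context syntax shown in the message."""
    attr = ET.SubElement(parent, "Attribute", AttributeName=name)
    if namespace:
        attr.set("AttributeNamespace", namespace)
    attr.text = value

def saml_to_context(saml_xml):
    """Map the simplified request to a RequestContext element."""
    query = ET.fromstring(saml_xml).find("AuthorizationDecisionQuery")
    nid = None if query is None else query.find("Subject/NameIdentifier")
    # Fail closed: never emit a context without a principal, resource or action.
    if nid is None or not (nid.text or "").strip() or not query.get("Resource"):
        raise ValueError("request lacks a subject or resource")
    actions = [a.text.strip() for a in query.iterfind("Actions/Action") if a.text]
    if not actions:
        raise ValueError("request names no action")
    ctx = ET.Element("RequestContext")
    principal = ET.SubElement(ET.SubElement(ctx, "ContextPrincipal"),
                              "Principal", PrincipalType="RequestingUser")
    add_attr(principal, "NameIdentifier", nid.text.strip(), nid.get("SecurityDomain"))
    # Evidence attributes (e.g. role) become further principal attributes.
    for a in query.iterfind("Evidence//Attribute"):
        add_attr(principal, a.get("AttributeName"),
                 (a.findtext("AttributeValue") or "").strip(), a.get("AttributeNamespace"))
    resource = ET.SubElement(ET.SubElement(ctx, "ContextResource"),
                             "Resource", ResourceType="XML")
    add_attr(resource, "ResourceURI", query.get("Resource"))
    action = ET.SubElement(ET.SubElement(ctx, "ContextAction"),
                           "Action", ActionType="XMLAction")
    for name in actions:
        add_attr(action, name)
    return ctx

if __name__ == "__main__":
    print(ET.tostring(saml_to_context(SAMPLE_REQUEST), encoding="unicode"))
```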