OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Attribute's Issuer as string?

The Attribute's Issuer is defined as a string, and I was wondering what the 
design rational was behind that choice.

I was trying to see how you could take care of part of the path validation of an 
assertion in xacml.

For example, you would only accept a certain attribute value if it was issued by 
   a subject that was a member of a certain group, or only by an issuer with a 
certain name only if that name was asserted by a certain identity issuer.

I guess I was looking for an issuer type that would again be a subject with its 
own attributes.

One alternative would be to chain different subjects in the Request together 
through a naming conventions that ties issuer's value to a subject's attribute 
value ... but that doesn't seem very elegant.

Insight? Suggestions?

Thanks, Frank.

Frank Siebenlist              franks@mcs.anl.gov
The Globus Project - Argonne National Laboratory

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]