[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Attribute's Issuer as string?
Frank, This is an inheritance from SAML, which defines Issuer as a "string". Clearly it is a rather primitive concept at this point, and could use much more elaboration based on actual implementation environments. Yours is a good case. Thanks, Anne On 9 July, Frank Siebenlist writes: [xacml] Attribute's Issuer as string? > From: Frank Siebenlist <franks@mcs.anl.gov> > To: XACML TC <xacml@lists.oasis-open.org> > Subject: [xacml] Attribute's Issuer as string? > Date: Wed, 09 Jul 2003 12:15:11 -0700 > > The Attribute's Issuer is defined as a string, and I was wondering what the > design rational was behind that choice. > > I was trying to see how you could take care of part of the path validation of an > assertion in xacml. > > For example, you would only accept a certain attribute value if it was issued by > a subject that was a member of a certain group, or only by an issuer with a > certain name only if that name was asserted by a certain identity issuer. > > I guess I was looking for an issuer type that would again be a subject with its > own attributes. > > One alternative would be to chain different subjects in the Request together > through a naming conventions that ties issuer's value to a subject's attribute > value ... but that doesn't seem very elegant. > > Insight? Suggestions? > > Thanks, Frank. > > > -- > Frank Siebenlist franks@mcs.anl.gov > The Globus Project - Argonne National Laboratory > > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]