Subject: FW: [security-services] Proposed Agenda for SAML 2.0 F2F. Forwarded message from Mishra, Prateek.

SAML AuthzDecisionQuery/Resp people,

Any objections to this schedule? We would have time on Tuesday to do our side-session (time still unspecified, but RSA would provide facilities), and then present our joint AuthzQuery proposal to the SSTC on Wednesday from 9-10:30.

I am also including the latest version of the Abstract Requirements list. Note that these are candidate requirements - being on the list does not mean we have agreed yet.

This list does not include anything for step 1 of multi-step authorization, because it seems that should be a separate type of "AttributeQuery", not necessarily handled by a PDP. I will put it on the list for discussion if the OGSA people still think it should be part of the AuthzQuery.

Anne

Title: Abstract Requirements for SAML AuthorizationDecisionQuery/Response
Author: Anne Anderson
Version: 1.2, 03/08/28 (yy/mm/dd)

1. Way to pass an XACML Request Context in the Query and an XACML Response Context in the Decision. Should not extend SubjectQueryAbstractType and SubjectStatementAbstractType because Subject element is redundant and inconsistent.

2. Way to indicate in the Query that an (note might not match input Request) XACML Request Context is to be returned as part of the Decision.

3. Way to indicate in the Query whether the PDP is free to collect Attributes for use in making the Decision from sources other than the XACML Request Context passed in the Query.

4. Associate a DataType with an Issuer name, such that the name can be determined to be a string, an X.500 Distinguished Name, etc.

5. Way to return an XACML Policy/PolicySet in a Decision as a condition that must evaluate to "Permit" in order for the Decision to be valid. Way to indicate that such a condition is associated with the Decision. Might be appropriate to put this condition and indication into the XACML Response Context itself.

6. Way to pass an XACML Policy/PolicySet in a Query along with an indication that such a policy is being supplied and whether this Policy/PolicySet is to be used alone or in conjunction with other Policies/PolicySets available to the PDP in evaluating the Query.

7. Better correspondence between SAML Attribute format and XACML Request Context Attribute format such that SAML Attributes can be translated into XACML Request Context Attributes mechanically and easily.

8. SAML Policy Statement syntax, allowing an issuer to state and sign an XACML Policy/PolicySet.

9. SAML Policy Query syntax, allowing a PDP to request a Policy/PolicySet by its Policy[Set]Id from an on-line Policy Administration Point (are there any online PAPs? If not, no need for this).

------- start of forwarded message -------
From: "Mishra, Prateek" <firstname.lastname@example.org>
To: "'Anne.Anderson@Sun.com'" <Anne.Anderson@sun.com>
Subject: FW: [security-services] Proposed Agenda for SAML 2.0 F2F
Date: Fri, 29 Aug 2003 09:43:36 -0400

Anne,

Here is the proposed agenda. Our thinking was that if XACML needed a "side-session", this could be accomplished on Tuesday. Rob has indicated that RSA would make the needed facilities available.

Does it work for you?

-----Original Message-----
From: Mishra, Prateek [mailto:email@example.com]
Sent: Monday, August 18, 2003 6:36 PM
To: 'firstname.lastname@example.org'
Subject: [security-services] Proposed Agenda for SAML 2.0 F2F

Monday, September 8:

10:00-10:30 Preliminaries, Roll-Call
10:30-12:00 -- ID-FF v1.1 Drilldown
1:00-1:30 -- What is new in ID-FF V1.2?
1:30-2:30 -- WSS SAML token profile
2:30--2:45 -- Break
2:45--4:30 -- Implementation experience and new use-cases
    + Mike Beach, Boeing (20 mins)
    + Fidelity (20 mins)
    + Netegrity (20 mins)
    + Open time (??)
4:30--5:00 --- Capture any new work items (identify champions, next steps)

<*** Editors revise SAML 2.0 work item list based on inputs
Current version: sstc-saml-scope-2.0-draft-0.2.doc available from document repository ***>

Tuesday, September 9:

9:00--10:15 --- Review of SAML 2.0 work item list gap analysis with ID-FF v.1.1, v1.2
10:30--12:00 -- Continued
1:00 --3:15 -- Continued
3:30--5:00 --- End Goal: Enumerate documents and identify editors, Identify champions for each work item, Link each work item to a document, Identify next steps for each work item

Wednesday, September 10:

9:00-10:30 --- XACML AuthZQuery/Response Proposal to SSTC
10:30-12:00 --- Finish up remaining business

----------------------
Prateek Mishra
Netegrity
p: 781-530-6564
c: 781-308-5198
------- end of forwarded message -------

-- 
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692