[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] canonicalization for XACML instances being signed
Anne Anderson wrote: > For example, will an XACML > Response be removed from its SAML DecisionStatement or SAML > Assertion and put into some other envelope for retransmission? at first glance it would seem that canonicalization is necessary under this scenario: (from: Abstract Requirements for SAML AuthorizationDecisionQuery/Response) 5. Way to return an XACML Policy/PolicySet in a Decision as a condition that must evaluate to "Permit" in order for the Decision to be valid. Way to indicate that such a condition is associated with the Decision. Might be appropriate to put this condition and indication into the XACML Response Context itself. just kinda winging it here, but my thinking is that this may involve the chunking of policy(ies)(sets) from a source that may have a fundamentally different context than that of the PEP being responded to. b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]