[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: XACML extensions to SAML. Scott Cantor response
--- Begin Message ---
- From: Scott Cantor <cantor.2@osu.edu>
- To: Anne.Anderson@Sun.COM
- Date: Fri, 30 Jul 2004 13:35:43 -0400
> The XACML <Status> can be different for each XACML <Result> that > is returned, since they are evaluated independently by the PDP. Thanks, that's what I was missing. The same issues come up when tunnelling an application through SOAP, which also can't easily represent multiple status values for different actions. And the solution (tunnelling) is suboptimal in both cases, but probably unavoidable. > It seems to me that the SAML Status for an XACML Response could > be one of two values: > > No errors occurred > At least one error occurred The SAML Status must be the URI for Success if an assertion is successfully returned, although a subcode could be created in your profile that reflects more precisely what's in the assertion. -- Scott--- End Message ---
-- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]