OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issue#47: WS-Policy Assertion profile for XACML


Now that WS-Policy has been submitted to and accepted by the W3C, it 
seems like we should have a standard way to carry an XACML Policy or 
PolicySet as an Assertion in a WS-Policy instance.  I'm thinking of 
something like a very simple wrapper:

<xacmlws:XACMLPolicyAssertion Optional="False">
   <xacml:PolicySet ...>

Two other possible inclusions might be:

1) A signed SAML Assertion containing an instance of the 
XACMLAuthzDecisionStatementType that includes the corresponding Request 
Context; for use as an authorization credential.

         ... (containing XACMLAuthzDecisionStatementType instance)

2) Individual XACML <Apply> statements, for expressing individual 
authorization constraints.

   <xacmlws:XACMLAuthzAssertion ...>
       <xacml:Apply FunctionId="...">

I've added this as Issue#47 to the Issues list at 

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]