[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue#47: WS-Policy Assertion profile for XACML
Colleagues,
Now that WS-Policy has been submitted to and accepted by the W3C, it
seems like we should have a standard way to carry an XACML Policy or
PolicySet as an Assertion in a WS-Policy instance. I'm thinking of
something like a very simple wrapper:
<xacmlws:XACMLPolicyAssertion Optional="False">
<xacml:PolicySet ...>
...
</xacml:PolicySet>
</xacmlws:XACMLPolicyAssertion>
Two other possible inclusions might be:
1) A signed SAML Assertion containing an instance of the
XACMLAuthzDecisionStatementType that includes the corresponding Request
Context; for use as an authorization credential.
<xacmlws:XACMLAuthzCredential>
<saml:Assertion>
... (containing XACMLAuthzDecisionStatementType instance)
</saml>
</xacmlws:XACMLAuthzCredential>
2) Individual XACML <Apply> statements, for expressing individual
authorization constraints.
<xacmlws:XACMLAuthzAssertion ...>
<xacml:Apply FunctionId="...">
...
</xacml:Apply>
</xacmlws:XACMLAuthzAssertion>
I've added this as Issue#47 to the Issues list at
http://wiki.oasis-open.org/xacml/IssuesList
Regards,
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]