[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue#47: WS-Policy Assertion profile for XACML
Colleagues, Now that WS-Policy has been submitted to and accepted by the W3C, it seems like we should have a standard way to carry an XACML Policy or PolicySet as an Assertion in a WS-Policy instance. I'm thinking of something like a very simple wrapper: <xacmlws:XACMLPolicyAssertion Optional="False"> <xacml:PolicySet ...> ... </xacml:PolicySet> </xacmlws:XACMLPolicyAssertion> Two other possible inclusions might be: 1) A signed SAML Assertion containing an instance of the XACMLAuthzDecisionStatementType that includes the corresponding Request Context; for use as an authorization credential. <xacmlws:XACMLAuthzCredential> <saml:Assertion> ... (containing XACMLAuthzDecisionStatementType instance) </saml> </xacmlws:XACMLAuthzCredential> 2) Individual XACML <Apply> statements, for expressing individual authorization constraints. <xacmlws:XACMLAuthzAssertion ...> <xacml:Apply FunctionId="..."> ... </xacml:Apply> </xacmlws:XACMLAuthzAssertion> I've added this as Issue#47 to the Issues list at http://wiki.oasis-open.org/xacml/IssuesList Regards, Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]