OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Issue#47: WS-Policy Assertion profile for XACML

So it looks like these are not really assertions but rather just a way to carry xacml statements in a wsp:policy element, why I say this is that all you will be matching on is <xacmlws:XACMLPolicyAssertion Optional="False">.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Anne Anderson <Anne.Anderson@sun.com>Anne Anderson <Anne.Anderson@sun.com>


          Anne Anderson <Anne.Anderson@sun.com>

          07/26/2006 01:29 PM
          Please respond to
          Anne.Anderson@sun.com

To

OASIS XACML TC <xacml@lists.oasis-open.org>

cc


Subject

[xacml] Issue#47: WS-Policy Assertion profile for XACML

Colleagues,

Now that WS-Policy has been submitted to and accepted by the W3C, it
seems like we should have a standard way to carry an XACML Policy or
PolicySet as an Assertion in a WS-Policy instance.  I'm thinking of
something like a very simple wrapper:

<xacmlws:XACMLPolicyAssertion Optional="False">
  <xacml:PolicySet ...>
    ...
  </xacml:PolicySet>
</xacmlws:XACMLPolicyAssertion>

Two other possible inclusions might be:

1) A signed SAML Assertion containing an instance of the
XACMLAuthzDecisionStatementType that includes the corresponding Request
Context; for use as an authorization credential.

  <xacmlws:XACMLAuthzCredential>
     <saml:Assertion>
        ... (containing XACMLAuthzDecisionStatementType instance)
     </saml>
  </xacmlws:XACMLAuthzCredential>

2) Individual XACML <Apply> statements, for expressing individual
authorization constraints.

  <xacmlws:XACMLAuthzAssertion ...>
      <xacml:Apply FunctionId="...">
         ...
      </xacml:Apply>
  </xacmlws:XACMLAuthzAssertion>

I've added this as Issue#47 to the Issues list at
http://wiki.oasis-open.org/xacml/IssuesList

Regards,
Anne
--
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


GIF image

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]