OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-demo-tech] Re: [xacml] Re: [xacml-demo-tech] Meta data


We have some people working on developing SAML metadata for the SAML 
Profile of XACML.  Since they are designing a XACMLPDPConfig element to 
hold "extended PDP information", my guess is that structure could be 
used as the extension to hold the other proposed PDP metadata.  I've 
posted our proposal, such as it is, in Issue#74, but it will be a while 
before we can put meat on those bones.  Do you want to wait until there 
is something concrete to work with for Issue#74, or continue on an 
independent path?

Regards,
Anne

bill parducci wrote:
> i started out by wading through the SAML schema. the idea sounds  
> interesting, but i am going to need someone with better XML skills to  
> hop in and help if i am to tackle that ;-)
> 
> b
> 
> On May 15, 2007, at 9:00 AM, Anne Anderson - Sun Microsystems wrote:
> 
>> I think the meta-data should not be tied to SAML, but should be  
>> designed in such a way that it can be inserted into the SAML  
>> protocol.  For example, you could use the SAML schema for the  
>> contents, or something like that.
>>
>> Anne
>>
>> Bill Parducci wrote:
>>
>>> It is an interesting idea-particularly since the SAML meta schema  
>>> is  so rich--but it does require that the PDP be tied to SAML.  Early 
>>> on  in the TC the thinking was that XACML needs to maintain  its  
>>> independence re: implementation. Do we still feel that way?
>>> b
>>> On May 15, 2007, at 7:00 AM, Anne Anderson - Sun Microsystems wrote:
>>>
>>>> Bill,
>>>>
>>>> I wonder if it makes sense to implement your PDP metadata as  part  
>>>> of the SAML metadata?  The metadata has to be conveyed to  clients  
>>>> somehow anyway, so implementing it as part of an  existing protocol  
>>>> makes some sense.
>>>>
>>>> The current proposal in the (in progress) SAML Profile Version  2.0  
>>>> Working Draft 3 is to implement
>>>> a) XACMLPDPDescriptor having standard SAML 2.0 metadata  compliant  
>>>> PDP info.
>>>> b) XACMLPDPConfig holding extended PDP information.  This might  be  
>>>> where the attribute timing, XACML version, Obligation  support, 
>>>> etc.  should go.
>>>> c) XACMLAuthzDecisionQueryDescriptor - PEP endpoint info
>>>> d) XACMLAuthzDecisionQueryConfig - extended PEP information.
>>>>
>>>> See Issue#74 in the Issues list:http://wiki.oasis-open.org/xacml/  
>>>> IssuesList
>>>>
>>>> Anne
>>>>
>>>> Bill Parducci wrote:
>>>>
>>>>> I am going to give emailing to this list one more shot ;)
>>>>> It would be helpful if the interop participants could keep  their  
>>>>> eyes  open for implementation attributes that are key/ useful for   
>>>>> establishing interoperability. Where it makes since  I would like  
>>>>> to  incorporate these into the PDP meta schema.
>>>>> I am currently working on meta info re: Attribute calculation,   
>>>>> XACML  version and Obligation support.
>>>>> thanks
>>>>> b
>>>>> ------------------------------------------------------------------- --
>>>>> To unsubscribe, e-mail: xacml-demo-tech-unsubscribe@lists.oasis-  
>>>>> open.org
>>>>> For additional commands, e-mail: xacml-demo-tech- help@lists.oasis- 
>>>>> open.org
>>>>
>>>>
>>>>
>>>> -- 
>>>> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>>>> Sun Microsystems Laboratories
>>>> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
>>>> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>>
>>
>> -- 
>> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>> Sun Microsystems Laboratories
>> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
>> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: xacml-demo-tech-unsubscribe@lists.oasis- open.org
>> For additional commands, e-mail: xacml-demo-tech-help@lists.oasis- 
>> open.org
>>
> 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]