Subject: Issue 72, SAML:Where should passed-in policies be inserted
All,

Issue 72 is about where policies supplied in a SAML XACMLAuthz request should be placed among the other policies of the PDP.

The difficulty of this issue is that XACML currently does not say anything about how a PDP finds its "contained policies" in the first place. Without a specification for this, there is nothing to relate the SAML supplied policies to.

I don't think we should specify policy finding in the PDP, so I propose that we leave this unspecified. Different users/PDPs may find different modes of operation useful.

I propose that we add the following text to the SAML profile regarding this issue:

--8<--
Since XACML does not specify how a PDP selects a policy to evaluate, the supplied policies are related to the policies already available in the PDP in an implementation-specific manner. For example, a PDP MAY treat the policies in the same manner as other policies in the PDP, it MAY choose to insert the supplied policies in a PolicySet at some specified point, it MAY use solely the supplied policies or it MAY make use of the supplied policies in some other way. Users of a PDP should coordinate with the providers of the PDP to establish meaningful behavior for the supplied policies.
--8<--

Best regards,
Erik