OASIS Mailing List Archives

xacml message


Subject: RE: [xacml] Telling the PIP where to pull from


Is this something beyond what the "Issuer" attribute can do?

From a semantic perspective, the Issuer attribute has never made sense
to me.  I think of XACML Attributes as predicates for making assertions
about the state of the world, and I don't know what to make of a
situation where Issuer A says one thing about the world and Issuer B
says something else.

It would be a different matter if you wanted to consult different sources
based on performance or availability.  Is that the use case?

Regards,
--Paul

> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk]
> Sent: Tuesday, October 19, 2010 07:17
> To: xacml
> Cc: George Inman; Sampo Kellomaki
> Subject: [xacml] Telling the PIP where to pull from
> 
> Hi everyone
> 
> In the TAS3 project we have been developing the PDP to be able to pull
> various user credentials from different IDPs. We use the SAML/XACML
> protocol to communicate between the PEP and the PDP. One of the things
> we need to do is for the PEP to direct the PIP of the PDP where to go to
> fetch extra user attributes/credentials/claims. The solution we are
> proposing is to put a WSSE security token in the SOAP header of the SAML
> request.
> 
> What do the group think about this approach?
> 
> Have other ways of directing the PIP been discussed?
> 
> Is the group willing to standardise the way that the PEP can dynamically
> inform the PDP/PIP where to pull additional attributes/claims from?
> 
> regards
> 
> David
> 
> --
> 
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
> 
> *****************************************************************
