Subject: RE: [xacml] Telling the PIP where to pull from
Is this something beyond what the "Issuer" attribute can do?

From a semantic perspective, the Issuer attribute has never made sense to me. I think of XACML Attributes as predicates for making assertions about the state of the world, and I don't know what to make of a situation where Issuer A says one thing about the world and Issuer B says something else.

It would be a different matter if you wanted to consult different sources based on performance or availability. Is that the use case?

Regards,
--Paul

> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk]
> Sent: Tuesday, October 19, 2010 07:17
> To: xacml
> Cc: George Inman; Sampo Kellomaki
> Subject: [xacml] Telling the PIP where to pull from
>
> Hi everyone
>
> in the TAS3 project we have been developing the PDP to be able to pull
> various user credentials from different IDPs. We use the SAML/XACML
> protocol to communicate between the PEP and the PDP. One of the things
> we need to do is for the PEP to direct the PIP of the PDP where to go to
> fetch extra user attributes/credentials/claims. The solution we are
> proposing is to put a WSSE security token in the SOAP header of the SAML
> request.
>
> What do the group think about this approach?
>
> Have other ways of directing the PIP been discussed?
>
> Is the group willing to standardise the way that the PEP can dynamically
> inform the PDP/PIP where to pull additional attributes/claims from?
>
> regards
>
> David
>
> --
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
> *****************************************************************