OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] OAuth tokens and XACML?


Is the OAuth token for that of the requestor or does it need to a subject of some kinds?

Paul Patrick

ïOn 11/5/18, 1:33 PM, "xacml@lists.oasis-open.org on behalf of Mohammad Jafari" <xacml@lists.oasis-open.org on behalf of mohammad.jafari@bookzurman.com> wrote:

    Although I am not aware of an implementation that supports this, this seems to be a PEP-specific issue. If the PEP can consume an OAuth/OpenID Connect token (which might require doing OAuth Introspection as well) and turn the content into attributes in an XACML request, the rest of the flow should be orthogonal to where these attributes originate from.


    On 2018-11-05, 10:24 AM, "xacml@lists.oasis-open.org on behalf of rich levinson" <xacml@lists.oasis-open.org on behalf of rich.levinson@oracle.com> wrote:

        Is there any way an OAuth Access Token or Identity Token can be passed
        in a XACML Request, and have its contents used in a Policy?

        (I think the answer is no, but checking just in case)


        To unsubscribe from this mail list, you must leave the OASIS TC that
        generates this mail.  Follow this link to all your TCs in OASIS at:

This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]