xspa message



Subject: Generic Profiles


Dear List

At yesterday's telecom we briefly discussed the WS-Trust, SAML and XACML 
profiles being developed by the TC.

As part of the Open Grid Forum we have already developed and published a 
set of generic profiles that can be used by any distributed 
applications. Although initially developed for grid applications, there 
is nothing in them that is specific to grids, and we are using them in 
the TAS3 project (which is not a grid application). You might find these 
useful. Details below.



GFD.156    Functional Components of Grid Service Provider Authorisation Service Middleware
Abstract:
This document describes the various components that make up the 
authorization decision function of a Grid service provider. It looks at 
the different ways in which the various components can be combined 
together, and data flows between the components. This document is for 
informational purposes only and is not intended to form a grid standard.

Available from http://www.ogf.org/documents/GFD.156.pdf



GFD.159    Use of XACML Request Context to Obtain an Authorisation Decision
D. Chadwick, L. Su, R. Laborde    2009-11-13

Abstract:
The purpose of this document is to specify a protocol for accessing a 
Policy Decision Point (PDP) by a Grid Policy Enforcement Point (PEP) in 
order to obtain access control decisions containing obligations. The 
protocol is a profile of the SAML2.0 profile of XACMLv2 request/response 
contexts, tailored especially for grid use.

Available from http://www.ogf.org/documents/GFD.159.pdf



GFD.158    Use of SAML to retrieve Authorization Credentials
V. Venturi, T. Scavo, D. Chadwick    2009-11-13

Abstract:
This document presents a specification for an authorization credential 
retrieval protocol based on the use of the Security Assertion Markup 
Language (SAML) and protocol as a format for requesting and retrieving 
attribute assertions.

Available from http://www.ogf.org/documents/GFD.158.pdf


GFD.157    Use of WS-TRUST and SAML to access a Credential Validation Service
D. Chadwick, L. Su    2009-11-13

Abstract:
This document provides a protocol for an authorization component to 
access an external credential validation service (CVS) prior to calling 
a policy decision point (PDP). The protocol is a profile of a SAML 
attribute assertion carried by WS-Trust.

Available from http://www.ogf.org/documents/GFD.157.pdf
	

regards

David



*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************