OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xspa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Dynamic Request-Attached Policy Use-Case (Action Item #0029)

So apparently this use-case is already supported by the SAML 2.0 Profile of XACML, section 4.4.

 

The "XACMLAuthzDecisionQuery" includes a XACML request context and additional supports the following elements:

-          xacml:Policy: A XACML policy against which the request must be evaluated.

-          xacml:PolicySet: A XACML policy set against which the request must be evaluated.

-          CombinePolicies: Whether the PDP must combine the decision from the enclosed policies with the other system policies available to the PDP. If this value is false, then only one of the above (either the policy or the policy set) can be present.

-          InputContextOnly: Whether the PDP is allowed to use any information other than what is included in the context to make decisions.

 

Regards,

Mohammad

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]