[OGSA-AUTHZ] Use of Obligations in the Privilege Project Authorization Infrastructure for OpenScienceGrid

Markus Lorch mlorch at vt.edu
Tue Feb 22 08:40:36 CST 2005


Sorry guys, I must have selected the wrong file type originally.
A new version (PDF) with the appropriate filetype is at
https://forge.gridforum.org/projects/ogsa-authz/document/SAML-Obligation-Extensions-used-in-OSG/en/2

or alternatively: http://tinyurl.com/5uuke

Markus


> -----Original Message-----
> From: Tom Barton [mailto:tbarton at uchicago.edu] 
> Sent: Tuesday, February 22, 2005 7:23 AM
> To: Markus Lorch
> Subject: Re: [OGSA-AUTHZ] Use of Obligations in the Privilege Project Authorization Infrastructure for OpenScienceGrid
> 
> 
> Markus,
> 
> I'm not able to open that file - it seems to be a pdf, but gridforge has
> it wrapped up as plain text. Could you fix it?
> 
> Thanks,
> Tom
> 
> Markus Lorch wrote:
> > Hi All,
> > 
> > I have written a document for the OGSA AuthZ WG that describes how we
> > use obligations in the privilege project for the Open Science Grid.
> > I have uploaded the document to grid forge at
> > 
> > /projects/ogsa-authz/document/SAML-Obligation-Extensions-used-in-OSG/en/1.
> > 
> > In short I decided to follow David's proposal for an
> > ObligatedAuthorizationDecisionStatement
> > but used the "Obligation" element as an extension point. I then implemented
> > an XACML Obligation. (others could choose to implement PonderObligation)
> > 
> > I found that all the obligations I want to convey are naturally expressed as
> > attribute assignments (see examples in the document). While there may be
> > semantic negotiation issues (which we also have for standard attributes) I
> > like the possible integration path with XACML over SAML and the ease with
> > which I can define an obligation in an XACML policy and have it with no effort
> > appear in the decision statement.
> > 
> > I continue to believe that we should move away from the SAML Authorization
> > Decision Statement towards the use of XACML over SAML in the long run.
> > (see my email from Sept. 23, 2004)
> > 
> > I won't be able to attend GGF13. Hope y'all have a great meeting
> > 
> > Markus
> > 
> > ----------------------------------------------------------------
> > Markus Lorch                     
> > Department of Computer Science         	Phone: +1 540 231 5914
> > Virginia Tech, m/c 106                    Fax:	 +1 540 231 6075
> > Blacksburg, VA 24061, U.S.A.     http://people.cs.vt.edu/~mlorch
> > 
> 
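
An added example, not part of the original thread or of the referenced document: a sketch of how an enforcement point could consume XACML obligations carried as attribute assignments inside a decision statement, denying access when an obligation is unknown or cannot be fulfilled (the XACML rule for obligations). The wrapper element's namespace, the obligation and attribute identifiers, the XACML 2.0 namespace choice and the account-name handler are all assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: XACML 2.0 policy namespace; the thread does not state the version used.
XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
ACCOUNT_OB = "urn:example:obligation:local-account"  # constructed identifier
USERNAME = "urn:example:attr:username"               # constructed identifier

# Constructed sample: wrapper namespace is a placeholder, values are made up.
SAMPLE = f"""<ObligatedAuthorizationDecisionStatement xmlns="urn:example:placeholder">
  <Obligation>
    <xacml:Obligation xmlns:xacml="{XACML}" ObligationId="{ACCOUNT_OB}" FulfillOn="Permit">
      <xacml:AttributeAssignment AttributeId="{USERNAME}" DataType="http://www.w3.org/2001/XMLSchema#string">osguser01</xacml:AttributeAssignment>
    </xacml:Obligation>
  </Obligation>
</ObligatedAuthorizationDecisionStatement>"""

def parse_obligations(xml_text, decision):
    """Return {ObligationId: {AttributeId: value}} for obligations tied to `decision`."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs (entity-expansion tricks) before parsing
        raise ValueError("DTD not accepted in a decision statement")
    result = {}
    for ob in ET.fromstring(xml_text).iter(f"{{{XACML}}}Obligation"):
        if ob.get("FulfillOn") != decision:
            continue
        result[ob.get("ObligationId")] = {
            a.get("AttributeId"): (a.text or "").strip()
            for a in ob.findall(f"{{{XACML}}}AttributeAssignment")
        }
    return result

def map_local_account(attrs):
    # Hypothetical handler: fulfil only if the assigned account name is well formed.
    return re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", attrs.get(USERNAME, "")) is not None

def enforce(xml_text, decision, handlers):
    """Fail closed: Permit only if every obligation has a handler that succeeds."""
    if decision != "Permit":
        return "Deny"
    for ob_id, attrs in parse_obligations(xml_text, decision).items():
        handler = handlers.get(ob_id)
        if handler is None or not handler(attrs):
            return "Deny"
    return "Permit"
```
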




