[OGSA-AUTHZ] SAML AuthZ Service Document Comments

David Chadwick d.w.chadwick at kent.ac.uk
Wed May 18 14:04:31 CDT 2005



Von Welch wrote:

>  > 4. 6.1.4 Action Elements
>  >  - I think it would be better to define the string representation
>  >    more specifically.  The QName of the operation would be better.
> 
> Let me ask our implementors and see what they have done.


From the PDP side of things, we will accept any string, and this string 
will be contained in the Authz policy governing access to the resource 
(e.g. it could be read, write, delete etc.). But the PDP does not 
actually care how the string was obtained or what it means, since it 
simply compares a presented value with a value in the policy.

But clearly from a user's perspective the string must mean something, 
and from the PEP's perspective it needs to know where to get the string 
from to pass to the PDP. Therefore a sensible meaning would indeed be 
the name of the operation being requested by the user.

Note that in version 2 of the protocol we are planning to pass operation 
arguments as well, so it might be better to state that what will be 
passed (in v2) is the name of the operation and its arguments.

regards

David


> 
> Von
> 
>  > 
>  > Hope it isn't late,
>  > Takuya Mori
>  > 
>  > ----
>  >     Takuya Mori
> 
> 

-- 

*****************************************************************
PLEASE NOTE NEW CONTACT DETAILS AS OF 1 JAN 2005

David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NZ
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
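
Added example, not part of the original message and not code from any OGSA-AUTHZ implementation: a sketch of a PDP that compares the action as an opaque string, showing why the PEP and the policy writer must agree on one representation (here the operation QName in Clark notation). The namespace URI, subjects, resource name, policy layout and the "no match means Deny" behaviour are all assumptions made for the illustration.

```python
from typing import NamedTuple

class QName(NamedTuple):
    namespace: str
    local: str

    def clark(self) -> str:
        # "{namespace}local" is one common string form of a QName (assumed here).
        return "{%s}%s" % (self.namespace, self.local)

NS = "http://example.org/fileservice"      # constructed namespace
RES = "file:/data/report"                  # constructed resource name

# Constructed policy: (subject, resource) -> permitted action strings.
POLICY = {
    ("alice", RES): {QName(NS, "read").clark(), QName(NS, "write").clark()},
    ("bob", RES): {QName(NS, "read").clark()},
}

def pdp_decide(subject: str, resource: str, action: str) -> str:
    """PDP: exact comparison of the presented string with the policy values.
    It attaches no meaning to the string. Assumption: no match means Deny."""
    allowed = POLICY.get((subject, resource), set())
    return "Permit" if action in allowed else "Deny"

def pep_action_qname(operation: QName) -> str:
    """PEP convention A: pass the QName of the requested operation."""
    return operation.clark()

def pep_action_local(operation: QName) -> str:
    """PEP convention B: pass only the local operation name."""
    return operation.local

def demo() -> dict:
    read = QName(NS, "read")
    return {
        # PEP and policy use the same representation: the strings match.
        "qname": pdp_decide("bob", RES, pep_action_qname(read)),
        # Same operation, different representation: the PDP sees a different string.
        "local": pdp_decide("bob", RES, pep_action_local(read)),
        # Opaque comparison is also case-sensitive.
        "case": pdp_decide("bob", RES, pep_action_qname(QName(NS, "Read"))),
        # An action that is not in bob's policy entry.
        "write": pdp_decide("bob", RES, pep_action_qname(QName(NS, "write"))),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```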




