[OGSA-AUTHZ] SAML AuthZ Service Document Comments

Von Welch vwelch at ncsa.uiuc.edu
Wed May 18 22:58:15 CDT 2005


Sounds like right now GT is passing just the operation without
qualifier. I believe the right thing to do here is leave it as
operation name for now, but indicate it should include the namespace
in a future version of the protocol.

Von

David Chadwick writes (20:04 May 18, 2005):
 > 
 > 
 > Von Welch wrote:
 > 
 > >  > 4. 6.1.4 Action Elements
 > >  >  - I think it would be better to define the string representation
 > >  >    more specific.  The QName of the operation would be better.
 > > 
 > > Let me ask our implementors and see what they have done.
 > 
 > 
 >  From the PDP side of things, we will accept any string, and this string 
 > will be contained in the Authz policy governing access to the resource 
 > (e.g. it could be read, write, delete etc.) But the PDP does not 
 > actually care how the string was obtained or what it means, since it 
 > simply compares a presented value with a value in the policy.
 > 
 > But clearly from a user's perspective the string must mean something, 
 > and from the PEP's perspective it needs to know where to get the string 
 > from to pass to the PDP. Therefore a sensible meaning would indeed be 
 > the name of the operation being requested by the user.
 > 
 > Note that in version 2 of the protocol we are planning to pass operation 
 > arguments as well, so it might be better to state that what will be 
 > passed (in v2) is the name of the operation and its arguments.
 > 
 > regards
 > 
 > David
 > 
 > 
 > > 
 > > Von
 > > 
 > >  > 
 > >  > Hope it isn't late,
 > >  > Takuya Mori
 > >  > 
 > >  > ----
 > >  >     Takuya Mori
 > > 
 > > 
 > 
 > -- 
 > 
 > *****************************************************************
 > PLEASE NOTE NEW CONTACT DETAILS AS OF 1 JAN 2005
 > 
 > David W. Chadwick, BSc PhD
 > Professor of Information Systems Security
 > The Computing Laboratory, University of Kent, Canterbury, CT2 7NZ
 > Tel: +44 1227 82 3221
 > Fax +44 1227 762 811
 > Mobile: +44 77 96 44 7184
 > Email: D.W.Chadwick at kent.ac.uk
 > Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
 > Research Web site: http://sec.cs.kent.ac.uk
 > Entrust key validation string: MLJ9-DU5T-HV8J
 > PGP Key ID is 0xBC238DE5
 > 
 > *****************************************************************
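
The following is an added example, not part of the original thread and not code from GT or any PDP named in it. It shows a PDP that compares the action as an opaque string, fed once with the bare operation name and once with a namespace-qualified name. The namespaces, subject, resource, function names and the `{namespace}local` string form are assumptions made for illustration.

```python
from xml.etree import ElementTree as ET

# Constructed policy shape: (subject, resource) -> set of permitted action strings.
# The PDP treats the action as an opaque string and only tests equality.
def pdp_decide(policy, subject, resource, action):
    """Permit only if the presented action string equals a policy value."""
    allowed = policy.get((subject, resource), set())
    return "Permit" if action in allowed else "Deny"

def action_local_name(op_element):
    """PEP option 1: operation name without its namespace qualifier."""
    return op_element.tag.rsplit("}", 1)[-1]

def action_qname(op_element):
    """PEP option 2: namespace-qualified name in '{namespace}local' form."""
    return op_element.tag  # ElementTree stores qualified tags in this form

# Constructed request bodies: same local name, different namespaces.
FILE_READ = ET.fromstring('<f:read xmlns:f="urn:example:file-service"/>')
AUDIT_READ = ET.fromstring('<a:read xmlns:a="urn:example:audit-service"/>')

SUBJECT = "CN=alice"                  # hypothetical subject
RESOURCE = "urn:example:resource:1"   # hypothetical resource

def decisions(extract, permitted_element):
    """Write a policy permitting one operation, then decide both requests."""
    policy = {(SUBJECT, RESOURCE): {extract(permitted_element)}}
    return tuple(
        pdp_decide(policy, SUBJECT, RESOURCE, extract(element))
        for element in (FILE_READ, AUDIT_READ)
    )

if __name__ == "__main__":
    # Policy author intends to permit only the file-service operation.
    print("local name:", decisions(action_local_name, FILE_READ))
    print("QName:     ", decisions(action_qname, FILE_READ))
```

With the bare name, both requests are permitted because the PDP cannot tell the two `read` operations apart. With the qualified name, only the operation the policy names is permitted.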




