[OGSA-AUTHZ] Draft XACML/SAML Protocol Profile
Chad La Joie
chad.lajoie at switch.ch
Mon Dec 3 08:54:40 CST 2007
For part of some EGEE work that I'm involved in I came up with a
profile, in draft form currently, for the XACML over SAML protocol
defined within the OASIS XACML working group. Valerio suggested that I
make it available to this working group for possible adoption in your
efforts.
The draft can be found here:
http://switch.ch/grid/support/documents/xacmlsaml.pdf
The basic goal of the document is to restrict possible options into a
baseline subset such that discrete implementations might interoperate.
I think Valerio's summary of the document, as follows, is good:
- requirement for using the SAML SOAP binding as in SAMLBind
- requirement for having mutual authentication between the requester and
the responder
- some requirements on the elements usage
- requirements on authN, integrity and confidentiality
Note this document is only about interoperability at the protocol level;
it does not speak to the other necessary item here, which is a profile
for the information (attributes) within the XACML request/response
context. I know that individuals here have already been working on such
a document.
Comments on the document are welcome. We will be going forward with an
immediate implementation of this draft for the EGEE work, but that
should only be taken as a reflection of a constrained timeline for a
short-term project, not as an indication that the profile is already as
good as possible.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie at switch.ch, http://www.switch.ch
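As an added illustration of the exchange the summary above constrains (not code from the draft, from EGEE, or from the author), the following Python builds the two messages of the OASIS "SAML 2.0 profile of XACML v2.0" protocol in SOAP bodies: a PEP's XACMLAuthzDecisionQuery carrying an XACML 2.0 Request, and a toy PDP's SAML Response carrying an XACMLAuthzDecisionStatement. The PEP-side check enforces a baseline set of SAML Core element requirements (Version, InResponseTo correlation, Issuer, Status) before trusting the Decision; the element requirements of the draft itself are in the PDF and are not reproduced here. The issuer names, subject/resource/action values and the permit table are constructed for the example. Mutual authentication, integrity and confidentiality are assumed to come from the transport (TLS with client certificates) and/or XML Signature, which this example does not implement; the Issuer comparison is only a correlation check, not authentication.

```python
"""XACML-over-SAML authorization exchange (SAML 2.0 profile of XACML v2.0)
carried in SOAP. Added example with constructed data; not the draft's code."""
import datetime as dt
import uuid
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xacml-samlp": "urn:oasis:xacml:2.0:saml:protocol:schema:os",
    "xacml-saml": "urn:oasis:xacml:2.0:saml:assertion:schema:os",
    "xacml-context": "urn:oasis:names:tc:xacml:2.0:context:schema:os",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

STRING = "http://www.w3.org/2001/XMLSchema#string"
SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"


def q(prefix, local):
    """Clark-notation tag name for ElementTree."""
    return "{%s}%s" % (NS[prefix], local)


def now():
    return dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def new_id():
    # SAML IDs are xs:ID values and may not begin with a digit.
    return "_" + uuid.uuid4().hex


def add_attribute(parent, attr_id, value):
    attr = ET.SubElement(parent, q("xacml-context", "Attribute"),
                         {"AttributeId": attr_id, "DataType": STRING})
    ET.SubElement(attr, q("xacml-context", "AttributeValue")).text = value


def soap_wrap(child):
    """SAML SOAP binding: the protocol message is the sole child of soap:Body."""
    env = ET.Element(q("soap", "Envelope"))
    ET.SubElement(env, q("soap", "Body")).append(child)
    return ET.tostring(env, encoding="utf-8")


def build_query(pep_issuer, subject_id, resource_id, action_id):
    """PEP side: XACMLAuthzDecisionQuery with a single-subject XACML Request."""
    qid = new_id()
    query = ET.Element(q("xacml-samlp", "XACMLAuthzDecisionQuery"), {
        "ID": qid, "Version": "2.0", "IssueInstant": now(),
        "InputContextOnly": "true", "ReturnContext": "false"})
    ET.SubElement(query, q("saml", "Issuer")).text = pep_issuer
    req = ET.SubElement(query, q("xacml-context", "Request"))
    add_attribute(ET.SubElement(req, q("xacml-context", "Subject")), SUBJECT_ID, subject_id)
    add_attribute(ET.SubElement(req, q("xacml-context", "Resource")), RESOURCE_ID, resource_id)
    add_attribute(ET.SubElement(req, q("xacml-context", "Action")), ACTION_ID, action_id)
    ET.SubElement(req, q("xacml-context", "Environment"))
    return qid, soap_wrap(query)


def _attr_value(request, category, attr_id):
    section = request.find(q("xacml-context", category))
    if section is None:
        return None
    for attr in section.iter(q("xacml-context", "Attribute")):
        if attr.get("AttributeId") == attr_id:
            return attr.findtext(q("xacml-context", "AttributeValue"))
    return None


def toy_pdp(soap_request, pdp_issuer, permits):
    """PDP side: decide from a set of (subject, resource, action) tuples and
    answer with samlp:Response -> saml:Assertion -> XACMLAuthzDecisionStatement."""
    query = ET.fromstring(soap_request).find(".//" + q("xacml-samlp", "XACMLAuthzDecisionQuery"))
    if query is None:
        raise ValueError("no XACMLAuthzDecisionQuery in SOAP body")
    req = query.find(q("xacml-context", "Request"))
    triple = (_attr_value(req, "Subject", SUBJECT_ID),
              _attr_value(req, "Resource", RESOURCE_ID),
              _attr_value(req, "Action", ACTION_ID))
    decision = "Permit" if triple in permits else "Deny"

    resp = ET.Element(q("samlp", "Response"), {"ID": new_id(), "Version": "2.0",
                      "IssueInstant": now(), "InResponseTo": query.get("ID")})
    ET.SubElement(resp, q("saml", "Issuer")).text = pdp_issuer
    status = ET.SubElement(resp, q("samlp", "Status"))
    ET.SubElement(status, q("samlp", "StatusCode"), {"Value": SAML_SUCCESS})
    assertion = ET.SubElement(resp, q("saml", "Assertion"),
                              {"ID": new_id(), "Version": "2.0", "IssueInstant": now()})
    ET.SubElement(assertion, q("saml", "Issuer")).text = pdp_issuer
    stmt = ET.SubElement(assertion, q("xacml-saml", "XACMLAuthzDecisionStatement"))
    result = ET.SubElement(ET.SubElement(stmt, q("xacml-context", "Response")),
                           q("xacml-context", "Result"))
    if triple[1]:
        result.set("ResourceId", triple[1])
    ET.SubElement(result, q("xacml-context", "Decision")).text = decision
    ET.SubElement(ET.SubElement(result, q("xacml-context", "Status")),
                  q("xacml-context", "StatusCode"),
                  {"Value": "urn:oasis:names:tc:xacml:1.0:status:ok"})
    return soap_wrap(resp)


def check_response(soap_response, expected_in_response_to, expected_pdp_issuer):
    """PEP side: baseline SAML Core checks before the Decision is trusted.
    Transport/XML-Signature authentication is assumed to happen elsewhere."""
    resp = ET.fromstring(soap_response).find(".//" + q("samlp", "Response"))
    if resp is None:
        raise ValueError("no samlp:Response in SOAP body")
    if resp.get("Version") != "2.0":
        raise ValueError("unsupported SAML version")
    if resp.get("InResponseTo") != expected_in_response_to:
        raise ValueError("InResponseTo does not match our query ID (replay or mix-up)")
    if resp.findtext(q("saml", "Issuer")) != expected_pdp_issuer:
        raise ValueError("unexpected Issuer")
    code = resp.find(q("samlp", "Status") + "/" + q("samlp", "StatusCode"))
    if code is None or code.get("Value") != SAML_SUCCESS:
        raise ValueError("PDP reported a non-Success status")
    decisions = [d.text for d in resp.iter(q("xacml-context", "Decision"))]
    if len(decisions) != 1:
        raise ValueError("expected exactly one Decision, got %d" % len(decisions))
    return decisions[0]


if __name__ == "__main__":
    PEP, PDP = "https://pep.example.org", "https://pdp.example.org"   # constructed
    permits = {("alice", "https://data.example.org/ds1", "read")}       # constructed
    qid, request = build_query(PEP, "alice", "https://data.example.org/ds1", "read")
    print(check_response(toy_pdp(request, PDP, permits), qid, PDP))    # prints Permit
```

The InResponseTo check is the one a PEP most often forgets: without it a Permit answered to some other query can be replayed into this one, and neither TLS nor a valid signature on the response catches that.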