[OGSA-AUTHZ] VOMS Attribute Profile
Valerio Venturi
valerio.venturi at cnaf.infn.it
Mon Dec 3 10:12:23 CST 2007
I was in favour of the profile separation too. In Seattle, I said it's
something worth considering also for the PDP spec, since projects have
ongoing efforts in defining for XACML ids.
However, I understood, and understand David's concern on timing. Anyway,
I don't know if it does really make sense to say that we put
requirements inside the current spec now, because there's no time to
prepare a spec on their own. Won't there be syncing problem beetwen the
two?
I suggest to see how and how fast the attribute profile proceeds before
we decide.
Valerio
On Wed, 2007-11-28 at 19:14 +0000, David Chadwick wrote:
> Hi Tom
>
> this issue was discussed at length at OGF21 (see minutes). The
> conclusion was, if I remember correctly, that a separate document
> defining attribute, obligations and other parameters will be needed in
> the medium term, and it will take quite some time to produce it, since
> people will need operational experience in order to draw up the complete
> list. (In fact a live register might be better, similar to what IANA
> hold for various things.) But we need something now fast to get going.
> So the basic minimum will be in the profile docs which can be expected
> to be released soon, and then the other Standard Definitions doc or
> register can be produced incrementally over a longer period of time
>
> regards
>
> David
>
>
> Tom Scavo wrote:
> > I haven't fully digested the material in section 4.2.1 of the XACML
> > profile, but have you thought about separating this out into a
> > separate profile? Converting VOMS attributes to SAML attributes is
> > generally useful, not just for XACML.
> >
> > Thanks,
> > Tom
> >
> > On 11/28/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
> >> Hi Valerio
> >>
> >> this probably means we need a short paragraph in the Attributes Exchange
> >> profile with a pointer to the XACML profile, along with some additional
> >> words of explanation.
> >>
> >> regards
> >>
> >> David
> >>
> >> Valerio Venturi wrote:
> >>> On Wed, 2007-11-28 at 12:58 +0000, David Chadwick wrote:
> >>>> Hi Tom
> >>>>
> >>>> we have already thought of this, and documented in the XACML profile how
> >>>> the various components of a VOMS FQAN are mapped into XACML attributes
> >>> But Tom needs SAML's. Anyway, since VOMS will be releasing SAML
> >>> attributes, and they'll very likely be according to the XACML Attribute
> >>> profile, we'll have a way to translate them to XACLM Attribute, that is
> >>> according to the SAML Profile for XACML. That will sort auhtZ services
> >>> out too.
> >>>
> >>> Valerio
> >>>
> >>>
> >>>
> >> --
> >>
> >> *****************************************************************
> >> David W. Chadwick, BSc PhD
> >> Professor of Information Systems Security
> >> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> >> Skype Name: davidwchadwick
> >> Tel: +44 1227 82 3221
> >> Fax +44 1227 762 811
> >> Mobile: +44 77 96 44 7184
> >> Email: D.W.Chadwick at kent.ac.uk
> >> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> >> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
> >> Entrust key validation string: MLJ9-DU5T-HV8J
> >> PGP Key ID is 0xBC238DE5
> >>
> >> *****************************************************************
> >>
> >
>
More information about the ogsa-authz-wg
mailing list