[OGSA-AUTHZ] VOMS Attribute Profile

Valerio Venturi valerio.venturi at cnaf.infn.it
Mon Dec 3 10:12:23 CST 2007


I was in favour of the profile separation too. In Seattle, I said it's
something worth considering also for the PDP spec, since projects have
ongoing efforts in defining for XACML ids.
However, I understood, and understand David's concern on timing. Anyway,
I don't know if it does really make sense to say that we put
requirements inside the current spec now, because there's no time to
prepare a spec on their own. Won't there be a syncing problem between the
two?
I suggest to see how and how fast the attribute profile proceeds before
we decide.

Valerio


On Wed, 2007-11-28 at 19:14 +0000, David Chadwick wrote:
> Hi Tom
> 
> this issue was discussed at length at OGF21 (see minutes). The 
> conclusion was, if I remember correctly, that a separate document 
> defining attribute, obligations and other parameters will be needed in 
> the medium term, and it will take quite some time to produce it, since
> people will need operational experience in order to draw up the complete 
> list. (In fact a live register might be better, similar to what IANA 
> hold for various things.) But we need something now fast to get going. 
> So the basic minimum will be in the profile docs which can be expected 
> to be released soon, and then the other Standard Definitions doc or 
> register can be produced incrementally over a longer period of time
> 
> regards
> 
> David
> 
> 
> Tom Scavo wrote:
> > I haven't fully digested the material in section 4.2.1 of the XACML
> > profile, but have you thought about separating this out into a
> > separate profile?  Converting VOMS attributes to SAML attributes is
> > generally useful, not just for XACML.
> > 
> > Thanks,
> > Tom
> > 
> > On 11/28/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
> >> Hi Valerio
> >>
> >> this probably means we need a short paragraph in the Attributes Exchange
> >> profile with a pointer to the XACML profile, along with some additional
> >> words of explanation.
> >>
> >> regards
> >>
> >> David
> >>
> >> Valerio Venturi wrote:
> >>> On Wed, 2007-11-28 at 12:58 +0000, David Chadwick wrote:
> >>>> Hi Tom
> >>>>
> >>>> we have already thought of this, and documented in the XACML profile how
> >>>> the various components of a VOMS FQAN are mapped into XACML attributes
> >>> But Tom needs SAML's. Anyway, since VOMS will be releasing SAML
> >>> attributes, and they'll very likely be according to the XACML Attribute
> >>> profile, we'll have a way to translate them to XACML Attribute, that is
> >>> according to the SAML Profile for XACML. That will sort authZ services
> >>> out too.
> >>>
> >>> Valerio
> >>>
> >>>
> >>>
> >> --
> >>
> >> *****************************************************************
> >> David W. Chadwick, BSc PhD
> >> Professor of Information Systems Security
> >> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> >> Skype Name: davidwchadwick
> >> Tel: +44 1227 82 3221
> >> Fax +44 1227 762 811
> >> Mobile: +44 77 96 44 7184
> >> Email: D.W.Chadwick at kent.ac.uk
> >> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> >> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
> >> Entrust key validation string: MLJ9-DU5T-HV8J
> >> PGP Key ID is 0xBC238DE5
> >>
> >> *****************************************************************
> >>
> > 
> 


