[OGSA-AUTHZ] Draft XACML/SAML Protocol Profile
Valerio Venturi
valerio.venturi at cnaf.infn.it
Tue Dec 4 10:01:29 CST 2007
On Tue, 2007-12-04 at 15:08 +0000, David Chadwick wrote:
> Hi Valerio and Chad
>
> Valerio Venturi wrote:
> > Hi Chad,
> > your work aims at satisfying the same need of one the current WG draft,
> > Use of XACML Request Context to Obtain an Authorization Decision,
> > last version at
> > https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-authz/docman.root.authz_service/doc14907
> > One difference is that this one states only that the SAML V2.0 Profile
> > for XACLM V2.0 is used for carrying the message, while yours go deeper
> > into details and mandate to using the SAML SOAP Binding. I think this
> > suits also the WG specification, and this is exaclty what the SAML
> > Profile for XACML was meant to, to leverage protocols and bindings that
> > SAML have, why XACLM doesn't.
>
> I agree. Where there are different options that are not pinned down
> sufficiently tightly in the existing drafts, then we should be adding
> additional text in order to ensure interworking.
>
>
> > The other requirements seems to me sounding as well. Please keep us
> > informed of your efforts, so that we can exhange experiences and find a
> > convergence.
> > David, as the main author of the XACML spec, do you think Chad's doc
> > requirements can be received in your doc?
>
> I have no problems with this. After all this is meant to be the WG spec
> that is reached by common consensus. So if most people in the WG want
> these additions they will be adopted.
By the way, is PERMIS implementing the protocols using SOAP over HTTP or
something else? What about authentication?
Valerio
More information about the ogsa-authz-wg
mailing list