[OGSA-AUTHZ] Web Services (Policy?) profile of/for XACML

Yuri Demchenko demch at science.uva.nl
Wed Feb 21 10:38:03 CST 2007


Hi David,

I looked at the document you sent and was a bit confused about how to 
position it among other standards in use and our work.

Before we can discuss some minor details, I want to say that the title is a 
bit misleading. They call it "Web Services Profile of XACML (WS-XACML)" 
but actually it is Web Services Policy (WSP) profile/extensions for 
(using) XACML in WSP style policy definition.

They provided good use cases in Introduction, and correctly described 
XACML AuthZ token (section 2).

For me, their definition of XACMLAuthZAssertion (section 3) is not clear. 
Is this an assertion or policy statement?

"An XACMLAuthzAssertion represents an XACML authorization, access 
control, or privacy policy that applies to the target of the wsp:Policy 
instance in which it appears. The Assertion MAY be used by a Web Service 
to express or publish its authorization, access control, or privacy 
requirements or its capability of complying with requirements imposed by 
a client. The Assertion MAY be used by a Web Services client to express 
or publish its authorization, access control, or privacy requirements 
or its capability of complying with requirements imposed by 
a Web Service. Two instances of such an Assertion MAY be matched to 
determine whether they are compatible, and, if so, which requirements 
and capabilities are compatible."

Also, I didn't find support for the much-expected cryptographically 
valid/ensured attributes.

So, what possibilities do we have to give our comments to the author?

Yuri


David Chadwick wrote:
> is attached.