[OGSA-AUTHZ] OGSA-Authz-WG draft meeting minutes: OGF Jan 29 session

[Valerio Venturi]

On Wed, 2007-01-31 at 09:38 -0500, Tom Scavo wrote:
> On 1/31/07, Valerio Venturi <valerio.venturi at cnaf.infn.it> wrote:
> > On Mon, 2007-01-29 at 20:10 +0000, David Chadwick wrote:
> >
> > > > * Other business Tom Scavo: Do we need mechanism to bind SAML to
> > > > X.509 (equivalent to VOMS)? David: 2005 X.509 has specification for
> > > > binding XML to X.509, but doesn't specify XML content Tom Scavo to
> > > > investigate how these relate.
> > Shouldn't this be done by SubjectConfirmation? Or are you talking about
> > assertions travelling within X.509 proxies?
> 
> Yes, the latter.  See the following wiki page for some crude thoughts
> along these lines:
> 
> https://spaces.internet2.edu/display/GS/X509BindingSAML
Thanks, we'll have a look at it. However, in our plans, the natural
format for attributes in X.509 proxies extensions will still be ACs so I
don't know if it will be a needs for us.

> > > David: VOMS is providing a standard SAML protocol interface for picking
> > > up VOMS attributes. A beta is supposed to be ready by April 2007
> > That's correct David. The protocol is that in SAML V2.0 Profiles for
> > X.509 Subject as agreed. We are about to work on the implementation of
> > the protocol and we will eventually inform Tom and the authors about any
> > issue we may have. Hope it won't be too late by that time but we
> > couldn't make it before.
> 
> Not too late from my point of view.  Valerio, would you mind providing
> a pointer to the spec you're looking at?  There have been many
> versions and I want to make sure you're looking at the right one.
http://www.oasis-open.org/committees/document.php?document_id=20000&wg_abbrev=security

Valerio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3339 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/ogsa-authz-wg/attachments/20070131/ce209f61/attachment.bin