[OGSA-AUTHZ] OGSA-Authz-WG draft meeting minutes: OGF Jan 29 session
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Jan 31 15:15:16 CST 2007
Hi Takuya
I have uploaded them to the forge at
http://forge.gridforum.org/sf/docman/do/listDocuments/projects.ogsa-authz/docman.root.meeting_minutes
regards
David
Takuya Mori wrote:
> Hi Von, David,
>
> Please find my slides in the attachement.
>
>>> * Takuyi Mori presentation on NAREGI Authz Service and NAREGI XACML
>
> Please correct my name to "Takuya Mori".
> Thank you,
>
>>> profile Slides will be sent to the email list SAML 2.0 and XACML 2.0
>>> based Uses GT authz framework Profile between Authz service client
>>> (in GT4) and Authz CVS Handles VOMS AC's and passes to Authz service
>>> Presented mapping of attributes from X.509 EEC/VOMS AC into XACML
>>> Resource Attribute Filtering Mechanism (RAFM) - Reference properties,
>>> XACML profile has Subject, Resource and Action attributes
>> There is an issue as to how a resource's attributes are obtained by the
>> PEP. If the user submits them to the PEP there is a potential trust
>> issue here, and the attributes will need to validated by the CVS. If the
>> PEP obtains them itself from a local store this is not an issue.
>
> Yes, this is an open issue. I'll write the detail on the RAFM
> and send it to the list.
>
> ----
> Takuya Mori
> moritaku at bx.jp.nec.com / tk-mori at isd.nec.co.jp
> System Platform Software Development Division
> NEC Corporation, Tokyo Japan
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the ogsa-authz-wg
mailing list