[OGSA-AUTHZ] Fwd: Web Services Profile of XACML
Tom Scavo
trscavo at gmail.com
Sat Mar 17 13:22:56 CDT 2007
FYI
----------------------------------------------------------------------
Web Services Profile of XACML (WS-XACML)
Anne Anderson, OASIS Presentation
This PDF document summarizes a presentation made at the OASIS XACML
TC Face-to-Face meeting on 13-March-2007. Outline: Web Services
Policy Background; XACML Web Services Policy Assertions; XACML
Assertion Format; XACML Assertion Matching; Defined XACML Assertions
[XACMLAuthzAssertion, XACMLPrivacyAssertion]; New XACML Functions and
Attribute Identifiers; Open Issues. Abstract from "Web Services
Profile of XACML (WS-XACML) Version 1.0": "This document specifies
ways to use XACML in the context of Web Services for authorization,
access control, and privacy policies. It specifies four types of
information. (1) An authorization token or credential based on XACML
to be used in a Web Services context for conveying an authorization
decision from a trusted third party to a Web Service. (2) A policy
Assertion type based on XACML elements for use with WS-Policy or other
schemas and protocols; this Assertion may be used to convey both
requirements and capabilities related to authorization, access control,
and privacy for Web Service clients and for the services themselves.
This Profile specifies standard formats, matching semantics, and
usage guidelines for two Assertions derived from this type: one for
authorization policies and the other for privacy policies. (3) Some
ways in which Attributes for a client MAY be passed to a Web Service
as part of a SOAP message in such a way that they can be authenticated
as having been issued by a trusted authority. These Attributes may be
used by the Web Service in evaluating the internal XACML policies of
a service or enterprise that are relevant to a given Web Services
access. (4) How to express P3P policy preferences and match them
using the new Assertion based on XACML."
http://xml.coverpages.org/xacml.html#Anderson-WS-XACML-F2F200703
See also WD 08:
http://www.oasis-open.org/committees/download.php/21490/xacml-3.0-profile-webservices-spec-v1.0-wd-8-en.pdf
----------------------------------------------------------------------
More information about the ogsa-authz-wg
mailing list