[OGSA-AUTHZ] VOMS Attribute Profile

Tom Scavo trscavo at gmail.com
Tue Nov 27 11:32:58 CST 2007


A relatively simple way to implement an Extended Mode X.509 Attribute
Query/Responder or Extended Mode X.509 Attribute Self-Query/Responder
(both server-side components) is to deploy a Shibboleth Attribute
Resolver in front of a VOMS attribute store.  To do this, I would need
to understand the VOMS schema (which I don't, but I assume I could
look this up somewhere) but more importantly I'd need to know how to
map a VOMS attribute to SAML.  We've talked about this some on this
list, but my question is:  Is there a document that describes how to
map a VOMS attribute to SAML?

I suspect there is no such thing, so it seems we need a VOMS Attribute
Profile for SAML, that is, a document that shows how to map VOMS
attributes to SAML attributes.  The structure of that profile would
follow the attribute profiles in section 8 of the SAML V2.0 Profiles
specification:

http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf

At first I thought there should be a section on VOMS attributes in the
OGSA Attribute Exchange Profile, but the more I think about it, the
more I think it should be separate.

Thoughts?

Tom Scavo
NCSA

