[OGSA-AUTHZ] VOMS Attribute Profile

Valerio Venturi valerio.venturi at cnaf.infn.it
Wed Nov 28 11:35:46 CST 2007


On Tue, 2007-11-27 at 12:32 -0500, Tom Scavo wrote:
> A relatively simple way to implement an Extended Mode X.509 Attribute
> Query/Responder or Extended Mode X.509 Attribute Self-Query/Responder
> (both server-side components) is to deploy a Shibboleth Attribute
> Resolver in front of a VOMS attribute store. To do this, I would need
> to understand the VOMS schema (which I don't, but I assume I could
> look this up somewhere) but more importantly I'd need to know how to
> map a VOMS attribute to SAML.  We've talked about this some on this
> list, but my question is:  Is there a document that describes how to
> map a VOMS attribute to SAML?
> 
> I suspect there is no such thing, so it seems we need a VOMS Attribute
> Profile for SAML, that is, a document that shows how to map VOMS
There is no such thing yet, but there's some work in progress. Also 
Krzysztof Benedyczak is working on a service with a semantic similar to
VOMS, a VO service, so we have been trying to unify the efforts and have
a common VO SAML 2.0 Attribute Profile. Your help and expertise would be
very much appreciate in finalizing it. I think that we may circulate the
document here and start a discussion. Krzysztof, is that ok with you?

> attributes to SAML attributes.  The structure of that profile would
> follow the attribute profiles in section 8 of the SAML V2.0 Profiles
> specification:
> 
> http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
> 
> At first I thought there should be a section on VOMS attributes in the
> OGSA Attribute Exchange Profile, but the more I think about it, the
> more I think it should be separate.

I agree they should be separate.

Valerio



