[OGSA-AUTHZ] VOMS Attribute Profile
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Nov 28 13:14:32 CST 2007
Hi Tom
this issue was discussed at length at OGF21 (see minutes). The
conclusion was, if I remember correctly, that a separate document
defining attribute, obligations and other parameters will be needed in
the medium term, and it will take quite some time to produce it, since
people will need operational experience in order to draw up the complete
list. (In fact a live register might be better, similar to what IANA
hold for various things.) But we need something now fast to get going.
So the basic minimum will be in the profile docs which can be expected
to be released soon, and then the other Standard Definitions doc or
register can be produced incrementally over a longer period of time
regards
David
Tom Scavo wrote:
> I haven't fully digested the material in section 4.2.1 of the XACML
> profile, but have you thought about separating this out into a
> separate profile? Converting VOMS attributes to SAML attributes is
> generally useful, not just for XACML.
>
> Thanks,
> Tom
>
> On 11/28/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
>> Hi Valerio
>>
>> this probably means we need a short paragraph in the Attributes Exchange
>> profile with a pointer to the XACML profile, along with some additional
>> words of explanation.
>>
>> regards
>>
>> David
>>
>> Valerio Venturi wrote:
>>> On Wed, 2007-11-28 at 12:58 +0000, David Chadwick wrote:
>>>> Hi Tom
>>>>
>>>> we have already thought of this, and documented in the XACML profile how
>>>> the various components of a VOMS FQAN are mapped into XACML attributes
>>> But Tom needs SAML's. Anyway, since VOMS will be releasing SAML
>>> attributes, and they'll very likely be according to the XACML Attribute
>>> profile, we'll have a way to translate them to XACLM Attribute, that is
>>> according to the SAML Profile for XACML. That will sort auhtZ services
>>> out too.
>>>
>>> Valerio
>>>
>>>
>>>
>> --
>>
>> *****************************************************************
>> David W. Chadwick, BSc PhD
>> Professor of Information Systems Security
>> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
>> Skype Name: davidwchadwick
>> Tel: +44 1227 82 3221
>> Fax +44 1227 762 811
>> Mobile: +44 77 96 44 7184
>> Email: D.W.Chadwick at kent.ac.uk
>> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
>> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
>> Entrust key validation string: MLJ9-DU5T-HV8J
>> PGP Key ID is 0xBC238DE5
>>
>> *****************************************************************
>>
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the ogsa-authz-wg
mailing list