[OGSA-AUTHZ] Comment of XACML profile

David Chadwick d.w.chadwick at kent.ac.uk
Fri Aug 8 04:10:59 CDT 2008


Dear WG

We have a feature missing from the XACML profile that is in the WS-Trust 
profile. We need to make these two profiles consistent so that whether 
the PEP is talking to the CVS followed by the PDP, or the PDP only 
(which talks to the CVS), the PEP should be able to obtain the same 
level of service in both cases.

What is missing in the XACML profile is the ability to pass references 
(meta info) to the PDP to tell it where to pick up the user's attributes 
from. This feature is present in the WS-Trust profile in Section 6. 
<SubjectAttributeReferenceAdvice>.

Tom has already made some valuable comments on this feature which the 
group need to discuss and resolve.

My new comment is that whatever is agreed for the final WS-Trust 
specification should also be incorporated into the XACML profile as well 
so that the PEP can obtain an equivalent level of service by either route.

regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

