[OGSA-AUTHZ] VO SAML Attribute Profile
David Chadwick
d.w.chadwick at kent.ac.uk
Fri Feb 15 11:23:47 CST 2008
Of course ultimately this is not scalable nor manageable. I believe
Internet 2 are working on a distributed metadata model where everyone
can assert their own metadata, self sign it, and manage it. Recipients
then will need to configure their own trust rules for who they trust to
assert what (which is what PERMIS does today :-)
regards
David
Krzysztof Benedyczak wrote:
> Chad La Joie wrote:
>> Metadata is not currently self-asserted. So it's not the IdP that
>> defines its metadata. It's the federation that is ultimately
>> responsible for it. So, you have a third-party there vouching that the
>> scope is appropriate for the IdP. So, if you trust that third-party
>> you're good.
> OK, now everything is clear.
>
> Thanks for the explanations!
>
> Best regards
> Krzysztof
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************