[OGSA-AUTHZ] VO SAML Attribute Profile

Richard Sinnott r.sinnott at nesc.gla.ac.uk
Fri Feb 15 11:31:16 CST 2008


We are also implementing tools that allow one to scope the federation
metadata (amongst other things) to define who one trusts and with what
security attributes etc. The first of these tools is now done and being
tested with various collaborators. The tools will ultimately be
integrated into the OMII software stack.

If people want to see this, I am around at OGF22 and happy to run a demo
or two - this in addition to the other demos we have planned showing how
we are using the various implementations of the recent authZ specs.

Cheers,
R. 

-----Original Message-----
From: ogsa-authz-wg-bounces at ogf.org
[mailto:ogsa-authz-wg-bounces at ogf.org] On Behalf Of David Chadwick
Sent: 15 February 2008 17:24
To: Krzysztof Benedyczak
Cc: ogsa-authz-wg at ogf.org
Subject: Re: [OGSA-AUTHZ] VO SAML Attribute Profile

Of course ultimately this is neither scalable nor manageable. I believe
Internet 2 are working on a distributed metadata model where everyone
can assert their own metadata, self sign it, and manage it. Recipients
then will need to configure their own trust rules for who they trust to
assert what (which is what PERMIS does today :-)

regards

David


Krzysztof Benedyczak wrote:
> Chad La Joie wrote:
>> Metadata is not currently self-asserted.  So it's not the IdP that 
>> defines its metadata.  It's the federation that is ultimately 
>> responsible for it.  So, you have a third-party there vouching that 
>> the scope is appropriate for the IdP.  So, if you trust that 
>> third-party you're good.
> OK, now everything is clear.
> 
> Thanks for the explanations!
> 
> Best regards
> Krzysztof
> --
>   ogsa-authz-wg mailing list
>   ogsa-authz-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/ogsa-authz-wg
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security The Computing Laboratory,
University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site:
http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5

*****************************************************************