[OGSA-AUTHZ] Comment on Use of SAML to retrieve Authorization Credentials
David Chadwick
d.w.chadwick at kent.ac.uk
Sun Sep 14 09:35:09 CDT 2008
Dear WG,
One of the issues with the third party query mode is how the AA
knows that the user has issued consent for his attributes to be retrieved
by the grid PEP.
I propose that we insert the Consent parameter (see Section 3.2.1 and
8.4 of SAML Core) into the third party query with a value of Implicit.
The fact that the user has initiated the grid job request, causing the
PEP to pull his attributes, implies that he wants his attributes to be
retrieved so that his job can run (otherwise he would get an
authorisation failure message response). It therefore seems perfectly
reasonable for the PEP to insert the Implicit Consent parameter into the
request to the AA.
Regards
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
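The proposal in the message above, sketched as an added example (not part of the original message and not code from the working group): a PEP builds a third party AttributeQuery carrying the SAML Core section 8.4 Implicit consent identifier, and an AA checks that value before releasing attributes. The function names, entity IDs and the AA's accepted-consent policy are assumptions; authentication of the request (signature or TLS) is assumed to have been done by the SAML stack already.

```python
import datetime
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Consent identifiers defined in SAML Core section 8.4
CONSENT_PREFIX = "urn:oasis:names:tc:SAML:2.0:consent:"
CONSENT_IMPLICIT = CONSENT_PREFIX + "current-implicit"
CONSENT_UNSPECIFIED = CONSENT_PREFIX + "unspecified"
# Assumed AA policy: consent values under which attributes may be released
ACCEPTED = {CONSENT_PREFIX + v for v in
            ("obtained", "prior", "current-implicit", "current-explicit")}


def build_attribute_query(pep_entity_id, subject_name_id, consent=CONSENT_IMPLICIT):
    """PEP side: third party AttributeQuery with the Consent attribute set."""
    now = datetime.datetime.now(datetime.timezone.utc)
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    if consent is not None:
        query.set("Consent", consent)  # attribute of the request, section 3.2.1
    ET.SubElement(query, f"{{{SAML}}}Issuer").text = pep_entity_id
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = subject_name_id
    return ET.tostring(query, encoding="unicode")


def aa_consent_decision(query_xml, trusted_peps):
    """AA side: return (release, reason) for an already authenticated query."""
    query = ET.fromstring(query_xml)
    if query.tag != f"{{{SAMLP}}}AttributeQuery":
        return False, "not an AttributeQuery"
    # Consent is a claim made by the requester, so it is only honoured
    # when the issuer is a PEP this AA already trusts.
    issuer = query.findtext(f"{{{SAML}}}Issuer")
    if issuer not in trusted_peps:
        return False, "issuer is not a trusted PEP"
    # SAML Core 3.2.1: an absent Consent attribute means "unspecified".
    consent = query.get("Consent", CONSENT_UNSPECIFIED)
    if consent not in ACCEPTED:
        return False, "consent not indicated: " + consent
    return True, consent
```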