[OGSA-AUTHZ] Comment on Use of SAML to retrieve Authorization Credentials

Tom Scavo trscavo at gmail.com
Sun Sep 14 21:48:51 CDT 2008


FWIW, I think this is a good idea.  Tom

On Sun, Sep 14, 2008 at 10:35 AM, David Chadwick
<d.w.chadwick at kent.ac.uk> wrote:
> Dear WG
>
> One of the issues with the third party query mode is how the AA knows
> that the user has issued consent for his attributes to be retrieved
> by the grid PEP.
>
> I propose that we insert the Consent parameter (see Section 3.2.1 and
> 8.4 of SAML Core) into the third party query with a value of Implicit.
> The fact that the user has initiated the grid job request, causing the
> PEP to pull his attributes, implies that he wants his attributes to be
> retrieved so that his job can run (otherwise he would get an
> authorisation failure message response). It therefore seems perfectly
> reasonable for the PEP to insert the Implicit Consent parameter into the
> request to the AA.
>
> regards
>
> David
>
> --
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick at kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>

