[ogsa-wg] communication of assertions
Takuya Mori
mori at mcs.anl.gov
Mon May 23 04:44:48 CDT 2005
Hi All,
This message is intended to start the discussion on the WSRF-BP
Tracker Item #1323 (and hopefully to close it).
TI#1323
Summary: Communication of assertions
Description: Profiles for common assertions in headers or Proxy Certificate
I'd like to propose to add the following to the WSRF Basic Profile 1.0
----
8.1.x or 8.x Communications of assertions
Senders MAY send assertions that can be used for policy decisions
including access control decision by receivers with SOAP messages.
The assertions MUST be SAML assertions or X509 attribute
certificates and senders and receivers MUST adhere to the Basic
SEcurity Profile or SAML Token Profile Version 1.0 when sending
assertions.
R08xx When communicating SAML assertions, a SENDER and a RECEIVER
MUST comply with SAML Token Profile Version 1.0
R08xx When communicating X509 attribute certificates, a SENDER and
a RECEIVERMUST comply with the Basec Security Profile
Version 1.0 Section 5.
----
Here is some background on my proposal.
I think's it is better not to use proxy certificate as a mean for
communication of assertions, because there is no standardized way of
embedding assertions in X509 certificates as certificate extentions,
thus, developing such a standard would be too costly.
----
Takuya Mori
More information about the ogsa-wg
mailing list