[ogsa-wg] [OGSA-AUTHZ] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call

Tom Scavo trscavo at gmail.com
Wed Jun 27 09:24:34 CDT 2007


On 6/27/07, David Chadwick <d.w.chadwick at kent.ac.uk> wrote:
> Tom Scavo wrote:
> >
> > Not sure why you're so concerned about statement types.  An X.509
> > Binding for SAML Assertions does care much about the payload.  (First
> > we have to specify *how* to bind, then we can talk about *what* :)
>
> The reason being that the SAML Authz statement is now acknowledged to be
> deficient and we will formally deprecate it once the XACML request
> context replaces it

Again, I'll resist the urge to dive into a detailed discussion here,
but I don't quite agree with this sentiment, so this could certainly
become an agenda item that the AuthZ WG might consider.

With regard to the concern Blair had about the need for an AuthN WG,
I'll simply point out the overlap between AuthN and AuthZ insofar as
the same security token might convey both types of security
information.  In our prototype, this is certainly the case, so having
two separate WGs is less than ideal, at least with respect to the
types of security tokens we are considering.

Regards,
Tom

