[Pgi-wg] Sec: Agreement on supported Attribute Authority Interfaces
Duane Merrill
dgm4d at virginia.edu
Thu Mar 19 09:05:00 CDT 2009
>
>
> ### Possible scenarios
...
E. A user (or agent service) is in possession of statically-assigned
credentials (an identity + zero-or-more attributes).
>
> ### Possible conclusion:
>
> A. We only reference in our profile possible ways of retrieving either ACs
> or SAML assertions (e.g. by pointing to the SAML-request document that is
> in
> public comment currently as mentioned earlier). We do not intend to profile
> how exactly a user gets its attributes.
>
> B. If we agree on A - we indirectly agree on attribute push since in the
> attribute pull mode - for interoperability reasons - the interface of
> getting attributes must be known so that the middleware can contact it on
> behalf of the user!
>
> C. We deal with RFC ACs
>
> D. We deal with SAML assertions
>
> E. We only consider C+D in the first iteration of the profile
>
>
We would prefer to begin with A (which implies B). We can always layer an
agreement for attribute/token aquisition at a later date if the world
demands a pull-style mode.
-Duane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/pgi-wg/attachments/20090319/6366cd2c/attachment.html
More information about the Pgi-wg
mailing list