The Attribute's Issuer is defined as a string, and I was wondering what the
design rational was behind that choice.
I was trying to see how you could take care of part of the path validation of an
assertion in xacml.
For example, you would only accept a certain attribute value if it was issued by
a subject that was a member of a certain group, or only by an issuer with a
certain name only if that name was asserted by a certain identity issuer.
I guess I was looking for an issuer type that would again be a subject with its
own attributes.
One alternative would be to chain different subjects in the Request together
through a naming conventions that ties issuer's value to a subject's attribute
value ... but that doesn't seem very elegant.
Insight? Suggestions?
Thanks, Frank.
--
Frank Siebenlist franks@mcs.anl.gov
The Globus Project - Argonne National Laboratory