OASIS eXtensible Access Control Markup Language (XACML) TC

Attribute's Issuer as string?

  • 1.  Attribute's Issuer as string?

    Posted 07-09-2003 18:59
    The Attribute's Issuer is defined as a string, and I was wondering what the 
    design rationale was behind that choice.
    
    I was trying to see how you could take care of part of the path validation of an 
    assertion in XACML.
    
    For example, you would only accept a certain attribute value if it was issued by 
    a subject that was a member of a certain group, or only by an issuer with a 
    certain name only if that name was asserted by a certain identity issuer.
    
    I guess I was looking for an issuer type that would again be a subject with its 
    own attributes.
    
    One alternative would be to chain different subjects in the Request together 
    through a naming convention that ties issuer's value to a subject's attribute 
    value ... but that doesn't seem very elegant.
    
    Insight? Suggestions?
    
    Thanks, Frank.
    
    
    -- 
    Frank Siebenlist              franks@mcs.anl.gov
    The Globus Project - Argonne National Laboratory
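
The chaining alternative described in the post, sketched as an added example that is not part of the original message and is not XACML syntax. It assumes a simplified request model made of plain dictionaries; the attribute ids (`subject-id`, `group`, `role`), the names, and the two check functions are hypothetical.

```python
# Constructed request: two subjects, each attribute carrying a string issuer.
REQUEST = {"subjects": [
    {"attributes": [  # the requester
        {"id": "subject-id", "value": "alice", "issuer": "ca.example"},
        {"id": "role", "value": "physician", "issuer": "hr-admin"},
    ]},
    {"attributes": [  # the issuer of alice's role, supplied as a second subject
        {"id": "subject-id", "value": "hr-admin", "issuer": "ca.example"},
        {"id": "group", "value": "role-admins", "issuer": "ca.example"},
    ]},
]}


def has_attr(subject, attr_id, value, issuer=None):
    """True if the subject holds attr_id == value (optionally from one issuer)."""
    return any(a["id"] == attr_id and a["value"] == value
               and (issuer is None or a["issuer"] == issuer)
               for a in subject["attributes"])


def resolve_issuer(request, issuer_name):
    """Naming convention: the issuer string must equal exactly one subject-id.

    Zero or several matches are rejected, since the link is only a string
    comparison and an ambiguous name would let the wrong subject vouch.
    """
    hits = [s for s in request["subjects"]
            if has_attr(s, "subject-id", issuer_name)]
    return hits[0] if len(hits) == 1 else None


def issuer_in_group(request, attr, group):
    """Accept attr only if its issuer is a subject that is a member of group."""
    subject = resolve_issuer(request, attr["issuer"])
    return subject is not None and has_attr(subject, "group", group)


def issuer_name_vouched(request, attr, identity_issuer):
    """Accept attr only if the issuer's name was asserted by identity_issuer."""
    subject = resolve_issuer(request, attr["issuer"])
    return subject is not None and has_attr(
        subject, "subject-id", attr["issuer"], identity_issuer)
```

The group attribute of the issuing subject has an issuer of its own, so a full path validation would repeat the same check one level up until it reaches an issuer the policy trusts directly.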