OASIS eXtensible Access Control Markup Language (XACML) TC


[xacml] SAML to XACML Context sample transformation


    Posted 06-05-2002 06:16



    Subject: [xacml] SAML to XACML Context sample transformation


    I wrote a sample XSLT transformation that transforms SAML:Request into
    the XACML:Context that I proposed the other day. The XACML Context syntax is a
    little different from what Simon proposed before, but I think it is not
    difficult to change this to another XACML Context syntax. I used the
    SAML:Request described in the XACML draft v0.13 page 10 (3.3 Example
    authorization decision request) with a couple of corrections (e.g. a wrong
    element name not used in the latest SAML spec). Note this sample
    transformation does not support the full SAML:Request spec and may not work
    correctly in some cases. It generates the following XACML Context. I
    attached two files: SAML-XACMLContext.xsl and SAMLRequest.xml.
    
    <?xml version="1.0" encoding="UTF-8"?>
    <RequestContext
        xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-28.xsd"
        xmlns:saml="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-28.xsd">
      <ContextPrincipal>
        <Principal PrincipalType="RequestingUser">
          <Attribute AttributeName="NameIdentifier" AttributeNamespace="//medico.com">Julius Hibbert</Attribute>
          <Attribute AttributeName="AuthenticationInstant">2002-03-08T08:23:45-05:00</Attribute>
          <Attribute AttributeName="AuthenticationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-28/password-sha1</Attribute>
          <Attribute AttributeName="ConfirmationMethod">http://www.oasis-open.org/committees/security/docs/draft-sstc-core-24/artifact</Attribute>
          <Attribute AttributeName="IPAddress">217.57.95.242</Attribute>
          <Attribute AttributeName="role" AttributeNamespace="//medico.com">physician</Attribute>
        </Principal>
      </ContextPrincipal>
      <ContextResource>
        <Resource ResourceType="XML">
          <Attribute AttributeName="ResourceURI">//medico.com/record/patient[@patientName/first='Bartholomew'][@patientName/last='Simpson']/patientDoB</Attribute>
        </Resource>
      </ContextResource>
      <ContextAction>
        <Action ActionType="XMLAction">
          <Attribute AttributeName="read"/>
        </Action>
      </ContextAction>
    </RequestContext>
    
    (See attached file: SAML-XACMLContext.xsl) (See attached file: SAMLRequest.xml)
    Michiharu Kudo
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
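The attached XSLT is not reproduced in this archive, so the following is an added example, not the author's stylesheet or anything from the XACML TC: a Python (xml.etree.ElementTree) version of the same SAML Request to XACML RequestContext mapping that produces the RequestContext shown in the post. The SAML input is a constructed sample built from SAML 1.0 protocol and assertion element names (AuthorizationDecisionQuery, Subject, Evidence, AuthenticationStatement, AttributeStatement); the namespace URIs are the ones that appear in the post's output, and the helper names are the example's own.

```python
"""Added example: map a SAML 1.0 AuthorizationDecisionQuery to the XACML
RequestContext layout shown in the post. Not the post's XSLT attachment."""
import xml.etree.ElementTree as ET

# Namespace URIs copied from the RequestContext in the post.
SAMLP = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-28.xsd"
SAML = "http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-assertion-28.xsd"
NS = {"samlp": SAMLP, "saml": SAML}

# Constructed SAML Request (sample input for this example, not the SAMLRequest.xml attachment).
SAMPLE_SAML_REQUEST = f"""<samlp:Request xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">
  <samlp:AuthorizationDecisionQuery
      Resource="//medico.com/record/patient[@patientName/first='Bartholomew'][@patientName/last='Simpson']/patientDoB">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="//medico.com">Julius Hibbert</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>http://www.oasis-open.org/committees/security/docs/draft-sstc-core-24/artifact</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Action>read</saml:Action>
    <saml:Evidence>
      <saml:Assertion>
        <saml:AuthenticationStatement
            AuthenticationInstant="2002-03-08T08:23:45-05:00"
            AuthenticationMethod="http://www.oasis-open.org/committees/security/docs/draft-sstc-core-28/password-sha1">
          <saml:SubjectLocality IPAddress="217.57.95.242"/>
        </saml:AuthenticationStatement>
        <saml:AttributeStatement>
          <saml:Attribute AttributeName="role" AttributeNamespace="//medico.com">
            <saml:AttributeValue>physician</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </saml:Evidence>
  </samlp:AuthorizationDecisionQuery>
</samlp:Request>
"""


def _add_attribute(parent, name, value=None, namespace=None):
    """Append one XACML Context <Attribute> element (hypothetical helper)."""
    attr = ET.SubElement(parent, "Attribute", AttributeName=name)
    if namespace is not None:
        attr.set("AttributeNamespace", namespace)
    if value is not None:
        attr.text = value
    return attr


def saml_to_xacml_context(saml_xml: str) -> ET.Element:
    """Build a RequestContext element from a SAML Request string."""
    root = ET.fromstring(saml_xml)
    query = root.find("samlp:AuthorizationDecisionQuery", NS)
    if query is None:
        raise ValueError("request carries no AuthorizationDecisionQuery")
    ctx = ET.Element("RequestContext")

    # Principal: name identifier and confirmation method come from the query's
    # Subject; authentication details, locality and attributes from the
    # evidence assertion. Nothing here verifies the assertion's signature or
    # issuer, so a PDP must only trust context produced from validated input.
    principal = ET.SubElement(ET.SubElement(ctx, "ContextPrincipal"),
                              "Principal", PrincipalType="RequestingUser")
    name_id = query.find("saml:Subject/saml:NameIdentifier", NS)
    if name_id is not None:
        _add_attribute(principal, "NameIdentifier", name_id.text, name_id.get("NameQualifier"))
    authn = query.find("saml:Evidence/saml:Assertion/saml:AuthenticationStatement", NS)
    if authn is not None:
        _add_attribute(principal, "AuthenticationInstant", authn.get("AuthenticationInstant"))
        _add_attribute(principal, "AuthenticationMethod", authn.get("AuthenticationMethod"))
    conf = query.find("saml:Subject/saml:SubjectConfirmation/saml:ConfirmationMethod", NS)
    if conf is not None:
        _add_attribute(principal, "ConfirmationMethod", conf.text)
    locality = query.find("saml:Evidence/saml:Assertion/saml:AuthenticationStatement/saml:SubjectLocality", NS)
    if locality is not None and locality.get("IPAddress"):
        _add_attribute(principal, "IPAddress", locality.get("IPAddress"))
    for attr in query.findall("saml:Evidence/saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        for value in attr.findall("saml:AttributeValue", NS):
            _add_attribute(principal, attr.get("AttributeName"), value.text, attr.get("AttributeNamespace"))

    # Resource: the query's Resource attribute becomes a ResourceURI attribute.
    resource = ET.SubElement(ET.SubElement(ctx, "ContextResource"), "Resource", ResourceType="XML")
    _add_attribute(resource, "ResourceURI", query.get("Resource"))

    # Action: each saml:Action becomes an empty Attribute named after the action,
    # matching the <Attribute AttributeName="read"/> in the post's output.
    action = ET.SubElement(ET.SubElement(ctx, "ContextAction"), "Action", ActionType="XMLAction")
    for act in query.findall("saml:Action", NS):
        _add_attribute(action, (act.text or "").strip())
    return ctx


def principal_attributes(ctx: ET.Element) -> dict:
    """Return the Principal's attributes as {AttributeName: text}."""
    return {a.get("AttributeName"): a.text
            for a in ctx.findall("ContextPrincipal/Principal/Attribute")}


if __name__ == "__main__":
    print(ET.tostring(saml_to_xacml_context(SAMPLE_SAML_REQUEST), encoding="unicode"))
```

Each lookup is optional, so a request missing an AuthenticationStatement or SubjectLocality simply yields a Principal without those attributes instead of a broken document, which is the "may not work in some cases" behaviour the post warns about made explicit. The comment on the evidence block is the practical caveat: the transformation copies whatever the Evidence assertion claims, so assertion validation (signature, issuer, validity period) belongs before this step, not after.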
    





