MHonArc v2.5.0b2 -->
















xacml message






[Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]








Subject: RE: XACML extensions to SAML. Scott Cantor response




From: Anne Anderson <Anne.Anderson@Sun.COM>
To: XACML TC <xacml@lists.oasis-open.org>
Date: Fri, 30 Jul 2004 13:41:42 -0400






--- Begin Message ---

From: Scott Cantor <cantor.2@osu.edu>
To: Anne.Anderson@Sun.COM
Date: Fri, 30 Jul 2004 13:35:43 -0400

> The XACML <Status> can be different for each XACML <Result> that
> is returned, since they are evaluated independently by the PDP.

Thanks, that's what I was missing. The same issues come up when tunnelling
an application through SOAP, which also can't easily represent multiple
status values for different actions. And the solution (tunnelling) is
suboptimal in both cases, but probably unavoidable.

> It seems to me that the SAML Status for an XACML Response could
> be one of two values:
> 
>   No errors occurred
>   At least one error occurred

The SAML Status must be the URI for Success if an assertion is successfully
returned, although a subcode could be created in your profile that reflects
more precisely what's in the assertion.

-- Scott


--- End Message ---
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692













[Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]