MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] Issue#47: WS-Policy Assertion profile for XACML
So it looks like these are not really assertions but rather just a way to carry xacml statements in a wsp:policy element, why I say this is that all you will be matching on is <xacmlws:XACMLPolicyAssertion Optional="False">.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Anne.Anderson@sun.com>">Anne Anderson <Anne.Anderson@sun.com>
Colleagues,
Now that WS-Policy has been submitted to and accepted by the W3C, it
seems like we should have a standard way to carry an XACML Policy or
PolicySet as an Assertion in a WS-Policy instance. I'm thinking of
something like a very simple wrapper:
<xacmlws:XACMLPolicyAssertion Optional="False">
<xacml:PolicySet ...>
...
</xacml:PolicySet>
</xacmlws:XACMLPolicyAssertion>
Two other possible inclusions might be:
1) A signed SAML Assertion containing an instance of the
XACMLAuthzDecisionStatementType that includes the corresponding Request
Context; for use as an authorization credential.
<xacmlws:XACMLAuthzCredential>
<saml:Assertion>
... (containing XACMLAuthzDecisionStatementType instance)
</saml>
</xacmlws:XACMLAuthzCredential>
2) Individual XACML <Apply> statements, for expressing individual
authorization constraints.
<xacmlws:XACMLAuthzAssertion ...>
<xacml:Apply FunctionId="...">
...
</xacml:Apply>
</xacmlws:XACMLAuthzAssertion>
I've added this as Issue#47 to the Issues list at
http://wiki.oasis-open.org/xacml/IssuesList
Regards,
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]