OASIS eXtensible Access Control Markup Language (XACML) TC


Re: [xacml] Issue#47: WS-Policy Assertion profile for XACML

    Posted 07-27-2006 14:39

    Subject: Re: [xacml] Issue#47: WS-Policy Assertion profile for XACML


    So it looks like these are not really assertions but rather just a way to carry XACML statements in a wsp:policy element. The reason I say this is that all you will be matching on is <xacmlws:XACMLPolicyAssertion Optional="False">.

    Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
    From: Anne Anderson <Anne.Anderson@sun.com>
    To: OASIS XACML TC <xacml@lists.oasis-open.org>
    Subject: [xacml] Issue#47: WS-Policy Assertion profile for XACML

    Colleagues,

    Now that WS-Policy has been submitted to and accepted by the W3C, it
    seems like we should have a standard way to carry an XACML Policy or
    PolicySet as an Assertion in a WS-Policy instance.  I'm thinking of
    something like a very simple wrapper:

    <xacmlws:XACMLPolicyAssertion Optional="False">
      <xacml:PolicySet ...>
        ...
      </xacml:PolicySet>
    </xacmlws:XACMLPolicyAssertion>

    Two other possible inclusions might be:

    1) A signed SAML Assertion containing an instance of the
    XACMLAuthzDecisionStatementType that includes the corresponding Request
    Context; for use as an authorization credential.

      <xacmlws:XACMLAuthzCredential>
         <saml:Assertion>
            ... (containing XACMLAuthzDecisionStatementType instance)
         </saml:Assertion>
      </xacmlws:XACMLAuthzCredential>

    2) Individual XACML <Apply> statements, for expressing individual
    authorization constraints.

      <xacmlws:XACMLAuthzAssertion ...>
          <xacml:Apply FunctionId="...">
             ...
          </xacml:Apply>
      </xacmlws:XACMLAuthzAssertion>

    I've added this as Issue#47 to the Issues list at
    http://wiki.oasis-open.org/xacml/IssuesList

    Regards,
    Anne
    --
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
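
Added example, not part of either message: a simplified model of WS-Policy's domain-independent assertion matching, illustrating the point in the reply that only the wrapper's QName takes part in the match, so two policies wrapping different PolicySets look identical to it. The `urn:example:xacmlws` namespace, the PolicySet ids and all helper names are assumptions; the thread does not define them.

```python
import hashlib
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"   # WS-Policy 1.2 namespace
XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
XACMLWS = "urn:example:xacmlws"   # placeholder namespace (assumption)
ALG = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:"

def make_policy(policy_set_id, combining_alg):
    """Constructed sample: single-alternative wsp:Policy holding the proposed wrapper."""
    return f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:xacmlws="{XACMLWS}" xmlns:xacml="{XACML}">
  <xacmlws:XACMLPolicyAssertion>
    <xacml:PolicySet PolicySetId="{policy_set_id}" PolicyCombiningAlgId="{combining_alg}">
      <xacml:Target/>
    </xacml:PolicySet>
  </xacmlws:XACMLPolicyAssertion>
</wsp:Policy>"""

# Two constructed policies whose wrapped XACML content differs.
PROVIDER = make_policy("urn:example:ps:deny-by-default", ALG + "deny-overrides")
REQUESTER = make_policy("urn:example:ps:permit-all", ALG + "permit-overrides")

def assertion_qnames(policy_xml):
    """QNames of the assertions directly under wsp:Policy (compact form)."""
    root = ET.fromstring(policy_xml)
    if root.tag != f"{{{WSP}}}Policy":
        raise ValueError("not a wsp:Policy element")
    return {child.tag for child in root}

def qname_compatible(policy_a, policy_b):
    """Generic matching, simplified: each side's assertion types appear on the other.
    Child content of an assertion (here the PolicySet) is never inspected."""
    return assertion_qnames(policy_a) == assertion_qnames(policy_b)

def payload_digests(policy_xml):
    """SHA-256 of each wrapped PolicySet, the part the QName match ignores."""
    root = ET.fromstring(policy_xml)
    return [hashlib.sha256(ET.tostring(ps)).hexdigest()
            for ps in root.iter(f"{{{XACML}}}PolicySet")]

if __name__ == "__main__":
    print("QName match:", qname_compatible(PROVIDER, REQUESTER))
    print("same XACML payload:", payload_digests(PROVIDER) == payload_digests(REQUESTER))
```

Deciding whether the two wrapped PolicySets actually agree therefore needs processing specific to the XACML assertion, beyond the generic match.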
