OASIS eXtensible Access Control Markup Language (XACML) TC


Re: Draft of profile for XACML-compatible SAML Attributes. Forwarded message from Eve L. Maler.


    Posted 05-14-2004 13:23


    Subject: Re: Draft of profile for XACML-compatible SAML Attributes. Forwarded message from Eve L. Maler.


    I think Eve's attached suggestion is good, and I have created
    Draft 02 (attached) with the suggested change. For those of you
    who haven't tried to tackle it yet, fear not: the content of this
    Profile is only 22 lines of normative text.
    
    Anne
    
    
    --- Begin Message ---
    I believe that, instead of the requirement for NameFormat:Name imposed 
    in the first paragraph of Section 3, what you really want is something 
    like this:
    
    "A *SAML Attribute* to be used as input to an *XACML processor* SHALL 
    have a NameFormat attribute value of 
    'urn:oasis:names:tc:SAML:2.0:attname-format:uri'.  The value of the 
    *SAML Attribute's* Name attribute SHALL be a URI reference that conforms 
    to this name format and that is sufficient to distinguish instances of 
    the given SAML Attribute from instances of other SAML or XACML 
    Attributes that have different semantics. ..."
    
    In other words, if you want to use a semantically distinguished URI as 
    the SAML Attribute's name, SAML now lets you do this in a really clear 
    way.  You simply need to indicate that the Name is intended to be a URI 
    by using the appropriate NameFormat value (given above).
    
    	Eve
    
    Anne Anderson wrote:
    
    > Attached is an initial draft of the Profile document that
    > specifies the format for XACML-compatible SAML Attributes.  This
    > Profile, once approved by the XACML TC, will be submitted to the
    > SSTC for inclusion in the SAML 2.0 set of specifications.
    > 
    > The SAML attribute names - Name and NameFormat - are those used
    > in the Rev 11 SAML 2.0 draft.
    > 
    > Comments invited.
    > 
    > Anne
    
    -- 
    Eve Maler                                        +1 781 442 3190
    Sun Microsystems                            cell +1 781 354 9441
    Web Products, Technologies, and Standards    eve.maler @ sun.com
    
    
    --- End Message ---
    
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    
    

    XACML Profile of SAML V2.0 Attributes, Draft 02
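
The check that the wording proposed in the forwarded message implies for a consumer feeding SAML Attributes to an XACML processor, as an added example that is not part of the original messages or the draft profile. The sample XML, the `urn:example:` names, the function names and the stricter absolute-URI test on Name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attname-format:uri"

# Constructed sample input, not taken from the draft profile.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:uri"
                  Name="urn:example:attr:role">
    <saml:AttributeValue>auditor</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:basic"
                  Name="urn:example:attr:dept"/>
  <saml:Attribute Name="urn:example:attr:site"/>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attname-format:uri"
                  Name="clearance level"/>
</saml:AttributeStatement>
"""

def is_absolute_uri(value):
    # Assumption: stricter than the quoted text, which says "URI reference".
    # Require a scheme, something after it, and no whitespace.
    if not value or any(c.isspace() for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return bool(parts.scheme) and bool(parts.netloc or parts.path)

def check_attributes(xml_text):
    """Return (accepted_names, rejections) for the saml:Attribute elements."""
    if "<!DOCTYPE" in xml_text:  # SAML input has no reason to carry a DTD
        raise ValueError("DTDs are not expected in SAML input")
    root = ET.fromstring(xml_text)
    accepted, rejected = [], []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name", "")
        name_format = attr.get("NameFormat")
        if name_format != URI_NAME_FORMAT:
            rejected.append((name, f"NameFormat is {name_format!r}"))
        elif not is_absolute_uri(name):
            rejected.append((name, "Name is not an absolute URI"))
        else:
            accepted.append(name)
    return accepted, rejected
```

Calling `check_attributes(SAMPLE)` accepts only the first attribute; the other three are rejected for a different NameFormat, a missing NameFormat, and a Name that is not a URI.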


