OASIS eXtensible Access Control Markup Language (XACML) TC

OGF document released for public comment: "Use of XACML RequestContext..."

    Posted 06-28-2008 20:10
    I'm queueing up this citation for reference in the Daily Newslink
    newsletter [1].  It's of possible interest to XACML and SAML TC members.
    
    This document was released by OGF for public comment:
    
    "Use of XACML Request Context to Obtain an Authorisation Decision"
    
    Open Grid Forum (OGF) Proposed Recommendation
    Edited by: David W. Chadwick, Linying Su, Romain Laborde
      (University of Kent, Information Systems Security Group)
    Produced by: OGSA Authorization WG (OGSA-AUTHZ-WG)
       http://www.ogf.org/gf/group_info/view.php?group=ogsa-authz-wg
    OGF Area: Security
    
    End of comment period: August 13, 2008
    Document date: 31-March-2008
    Extent: 12 pages
    Document type: P-REC (Proposed Recommendation)
    Document URI: http://www.ogf.org/Public_Comment_Docs/Documents/2008-06/XACMLContextProfile0-5.pdf
    Comment URI: http://www.ogf.org/gf/docs/comment.php?id=262
    
    Abstract
    
    The purpose of this document is to specify a protocol for
    accessing a Policy Decision Point (PDP) by a Grid Policy
    Enforcement Point (PEP) in order to obtain access control
    decisions containing obligations. The protocol is a profile
    of the SAML2.0 profile of XACML, tailored especially for grid
    use.
    
    This document describes how an XACML request context can be
    created and transferred by a Grid Policy Enforcement Point
    (PEP) to a Policy Decision Point (PDP) in order to obtain
    authorisation decisions (possibly including obligations)
    for Grid applications. The XACML request context contains
    attributes of the subject, resource, action and environment,
    and is transported to the PDP in a SAMLv2 request message.
    The XACML response context contains an authorization
    decision and optional obligations that must be enforced by
    the PEP, either before, with or after enforcement of the
    user's request.
    
    -- Robin Cover
    
    [1] http://xml.coverpages.org/newsletterArchive.html
    
    Robin Cover
    OASIS, Chief Information Architect
    Editor, Cover Pages and XML Daily Newslink
    http://xml.coverpages.org/