I'm queueing up this citation for reference in the Daily Newslink
newsletter [1]. It's of possible interest to XACML and SAML TC members.
This document was released by OGF for public comment:
"Use of XACML Request Context to Obtain an Authorisation Decision"
Open Grid Forum (OGF) Proposed Recommendation
Edited by: David W. Chadwick, Linying Su, Romain Laborde
(University of Kent, Information Systems Security Group)
Produced by: OGSA Authorization WG (OGSA-AUTHZ-WG)
http://www.ogf.org/gf/group_info/view.php?group=ogsa-authz-wg
OGF Area: Security
End of comment period: August 13, 2008
Document date: 31-March-2008
Extent: 12 pages
Document type: P-REC (Proposed Recommendation)
Document URI:
http://www.ogf.org/Public_Comment_Docs/Documents/2008-06/XACMLContextProfile0-5.pdf
Comment URI: http://www.ogf.org/gf/docs/comment.php?id=262
Abstract
The purpose of this document is to specify a protocol for
accessing a Policy Decision Point (PDP) by a Grid Policy
Enforcement Point (PEP) in order to obtain access control
decisions containing obligations. The protocol is a profile
of the SAML2.0 profile of XACML, tailored especially for grid
use.
This document describes how an XACML request context can be
created and transferred by a Grid Policy Enforcement Point
(PEP) to a Policy Decision Point (PDP) in order to obtain
authorisation decisions (possibly including obligations)
for Grid applications. The XACML request context contains
attributes of the subject, resource, action and environment,
and is transported to the PDP in a SAMLv2 request message.
The XACML response context contains an authorization
decision and optional obligations that must be enforced by
the PEP, either before, with or after enforcement of the
user's request.
-- Robin Cover
[1] http://xml.coverpages.org/newsletterArchive.html
Robin Cover
OASIS, Chief Information Architect
Editor, Cover Pages and XML Daily Newslink
http://xml.coverpages.org/