Hi Alan,

The fact that the draft is SAML and WS-Trust oriented is because this protocol combination was chosen by the EC TrustCoM project as workable. I am personally not religiously bound to any particular protocol. I would much prefer a protocol that works and is agreed by everyone, rather than standing by the current protocol choice.

If we make the service generic enough, it should be able to take a bag of credentials and return the set of valid attributes (where one or more of these attributes can be the authenticated names or IDs of the principal). The CVS will be driven by a policy that provides the rules for how the validation proceeds. Specifying the policy is not part of the current charter of the Authz group.

regards

David

Alan Sill wrote:
Note this document, as David says, is SAML- and WS-Trust oriented. As he says, a similar approach could be used for PKI credential evaluation.
The Naples document distributed earlier by Jesus Luna is also relevant to this and to the LoA topic.
Alan
On Feb 1, 2007, at 11:18 AM, David Chadwick wrote:
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
: Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill@ttu.edu  ph. 806-742-4350  fax 806-742-4358 :
====================================================================
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************