Comment #5 on issue 28 by thost...@gmail.com: Security http://code.google.com/p/ogf-nsi-project/issues/detail?id=28 I'd like to try and get SAML out of the WSDL before the SC11 demo. SAML is typically used in single sign on between identity provider and service providers. It does not really fit into NSI. We may have the need to have something like sessionSecurityAttr, though often these attributes are not related to security, but are typically request meta-data. Perhaps we could just call them sessionAttributes. Anyay I think the scheme with Name/Value in the protocol spec. e.g.: <sessionAttribute> <name> ... </name> <value> ... </value> </sessionAttribute> and a slighly more real example: <sessionAttribute> <name>requesterIdentity</name> <value>nsiuser@example.com</value> </sessionAttribute> The idea here is to have a place for connection information. What it should NOT be used for is any authentication or authorization, and ideally the attributs can be stripped without any reprocussions. If possible I would like to use this for SC11 visualization query tool, which could add something like: <sessionAttribute> <name>requesterIdentity</name> <value>NSIVisualizationTool</value> </sessionAttribute> Which would indicate to the NSI agent, that it should return all connections in the query made. This can of course be combined with proper authentication/authorization when we have that, but right we don't. Well there is the IP address, which can be made available from the MTL / protocol layer.