On Tue, 2007-12-04 at 15:08 +0000, David Chadwick wrote:
Hi Valerio and Chad
Valerio Venturi wrote:
Hi Chad, your work aims at satisfying the same need of one the current WG draft, Use of XACML Request Context to Obtain an Authorization Decision, last version at https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-auth... One difference is that this one states only that the SAML V2.0 Profile for XACLM V2.0 is used for carrying the message, while yours go deeper into details and mandate to using the SAML SOAP Binding. I think this suits also the WG specification, and this is exaclty what the SAML Profile for XACML was meant to, to leverage protocols and bindings that SAML have, why XACLM doesn't.
I agree. Where there are different options that are not pinned down sufficiently tightly in the existing drafts, then we should be adding additional text in order to ensure interworking.
The other requirements seems to me sounding as well. Please keep us informed of your efforts, so that we can exhange experiences and find a convergence. David, as the main author of the XACML spec, do you think Chad's doc requirements can be received in your doc?
I have no problems with this. After all this is meant to be the WG spec that is reached by common consensus. So if most people in the WG want these additions they will be adopted.
By the way, is PERMIS implementing the protocols using SOAP over HTTP or something else? What about authentication? Valerio