Sorry guys, I must have selected the wrong file type originally. A new version (PDF) with the appropriate filetype is at https://forge.gridforum.org/projects/ogsa-authz/document/SAML-Obligation-Ext ensions-used-in-OSG/en/2 or alternatively: http://tinyurl.com/5uuke Markus
-----Original Message----- From: Tom Barton [mailto:tbarton@uchicago.edu] Sent: Tuesday, February 22, 2005 7:23 AM To: Markus Lorch Subject: Re: [OGSA-AUTHZ] Use of Obligations in the Privilege Project Authorizaiton Infrastructure for OpenScienceGrid
Markus,
I'm not able to open that file - it seems to be a pdf, but gridforge has it wrapped up as plain text. Could you fix it?
Thanks, Tom
Markus Lorch wrote:
Hi All,
I have written a document for the OGSA AuthZ WG that discribes how we use obligations in the privilege project for the Open Science Grid. I have uploaded the document to grid forge at
/projects/ogsa-authz/document/SAML-Obligation-Extensions-used- in-OSG/en/1.
In short I decided to follow David's proposal for an ObligatedAuthorizationDecisionStatement but used the "Obligation" element as an extension point. I
an XACML Obligation. (others could choose to implement PonderObligation)
I found that all the obligations I want to convey are naturally expressed as attribute assignments (see examples in the document). While
semantic negotiation issues (which we also have for standard attributes) I like the possible integration path with XACML over SAML and
which I can define an obligation in an XACML policy and have it with no effort appear in the decision statement.
I continue to believe that we should move away from the SAML Authorization Decision Statement towards the use of XACML over SAML in
then implemented there may be the ease with the long run.
(see my email from Sept. 23, 2004)
I won't be able to attend GGF13. Hope y'all have a great meeting
Markus
---------------------------------------------------------------- Markus Lorch Department of Computer Science Phone: +1 540 231 5914 Virginia Tech, m/c 106 Fax: +1 540 231 6075 Blacksburg, VA 24061, U.S.A. http://people.cs.vt.edu/~mlorch