Hi Takuya

I have uploaded them to the forge at
http://forge.gridforum.org/sf/docman/do/listDocuments/projects.ogsa-authz/do...

regards

David

Takuya Mori wrote:
Hi Von, David,
Please find my slides in the attachment.
* Takuyi Mori presentation on NAREGI Authz Service and NAREGI XACML profile

Please correct my name to "Takuya Mori". Thank you,

Slides will be sent to the email list
SAML 2.0 and XACML 2.0 based
Uses GT authz framework
Profile between Authz service client (in GT4) and Authz CVS
Handles VOMS AC's and passes to Authz service
Presented mapping of attributes from X.509 EEC/VOMS AC into XACML
Resource Attribute Filtering Mechanism (RAFM) - Reference properties, XACML profile has Subject, Resource and Action attributes
There is an issue as to how a resource's attributes are obtained by the PEP. If the user submits them to the PEP there is a potential trust issue here, and the attributes will need to be validated by the CVS. If the PEP obtains them itself from a local store this is not an issue.
Yes, this is an open issue. I'll write the detail on the RAFM and send it to the list.
----
Takuya Mori
moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp
System Platform Software Development Division
NEC Corporation, Tokyo Japan
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************