Hi Tom this issue was discussed at length at OGF21 (see minutes). The conclusion was, if I remember correctly, that a separate document defining attribute, obligations and other parameters will be needed in the medium term, and it will take quite some time to produce it, since people will need operational experience in order to draw up the complete list. (In fact a live register might be better, similar to what IANA hold for various things.) But we need something now fast to get going. So the basic minimum will be in the profile docs which can be expected to be released soon, and then the other Standard Definitions doc or register can be produced incrementally over a longer period of time regards David Tom Scavo wrote:
I haven't fully digested the material in section 4.2.1 of the XACML profile, but have you thought about separating this out into a separate profile? Converting VOMS attributes to SAML attributes is generally useful, not just for XACML.
Thanks, Tom
On 11/28/07, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
Hi Valerio
this probably means we need a short paragraph in the Attributes Exchange profile with a pointer to the XACML profile, along with some additional words of explanation.
regards
David
Valerio Venturi wrote:
Hi Tom
we have already thought of this, and documented in the XACML profile how the various components of a VOMS FQAN are mapped into XACML attributes But Tom needs SAML's. Anyway, since VOMS will be releasing SAML attributes, and they'll very likely be according to the XACML Attribute
On Wed, 2007-11-28 at 12:58 +0000, David Chadwick wrote: profile, we'll have a way to translate them to XACLM Attribute, that is according to the SAML Profile for XACML. That will sort auhtZ services out too.
Valerio
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************