I was in favour of the profile separation too. In Seattle, I said it's something worth considering also for the PDP spec, since projects have ongoing efforts in defining for XACML ids. However, I understood, and understand David's concern on timing. Anyway, I don't know if it does really make sense to say that we put requirements inside the current spec now, because there's no time to prepare a spec on their own. Won't there be a syncing problem between the two? I suggest to see how and how fast the attribute profile proceeds before we decide.
Valerio
On Wed, 2007-11-28 at 19:14 +0000, David Chadwick wrote:
Hi Tom
this issue was discussed at length at OGF21 (see minutes). The conclusion was, if I remember correctly, that a separate document defining attribute, obligations and other parameters will be needed in the medium term, and it will take quite some time to produce it, since people will need operational experience in order to draw up the complete list. (In fact a live register might be better, similar to what IANA hold for various things.) But we need something now fast to get going. So the basic minimum will be in the profile docs which can be expected to be released soon, and then the other Standard Definitions doc or register can be produced incrementally over a longer period of time.
regards
David
Tom Scavo wrote:
I haven't fully digested the material in section 4.2.1 of the XACML profile, but have you thought about separating this out into a separate profile? Converting VOMS attributes to SAML attributes is generally useful, not just for XACML.
Thanks, Tom
On 11/28/07, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
Hi Valerio
this probably means we need a short paragraph in the Attributes Exchange profile with a pointer to the XACML profile, along with some additional words of explanation.
regards
David
Valerio Venturi wrote:
On Wed, 2007-11-28 at 12:58 +0000, David Chadwick wrote:
Hi Tom
we have already thought of this, and documented in the XACML profile how the various components of a VOMS FQAN are mapped into XACML attributes
But Tom needs SAML's. Anyway, since VOMS will be releasing SAML attributes, and they'll very likely be according to the XACML Attribute profile, we'll have a way to translate them to XACML Attribute, that is according to the SAML Profile for XACML. That will sort authZ services out too.
Valerio
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************