For part of some EGEE work that I'm involved in, I came up with a profile, in draft form currently, for the XACML over SAML protocol defined within the OASIS XACML working group. Valerio suggested that I make it available to this working group for possible adoption in your efforts.

The draft can be found here:
http://switch.ch/grid/support/documents/xacmlsaml.pdf

The basic goal of the document is to restrict possible options into a baseline subset such that discrete implementations might inter-operate. I think Valerio's summary of the document, as follows, is good:

- requirement for using the SAML SOAP binding as in SAMLBind
- requirement for having mutual authentication between the requester and the responder
- some requirements on the elements usage
- requirements on authN, integrity and confidentiality

Note this document is only about interoperability at the protocol level; it does not speak to the other necessary item here, which is a profile for the information (attributes) within the XACML request/response context. I know that individuals here have already been working on such a document.

Comments are welcome to the document. We will be going forward with an immediate implementation of this draft for the EGEE work, but that should only be taken as a reflection of a constrained timeline for a short-term project, not as an indication that the profile is already as good as possible.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch