Hi Von, David,

Please find my slides in the attachment.
* Takuyi Mori presentation on NAREGI Authz Service and NAREGI XACML
Please correct my name to "Takuya Mori". Thank you,
profile
  * Slides will be sent to the email list
  * SAML 2.0 and XACML 2.0 based
  * Uses GT authz framework
  * Profile between Authz service client (in GT4) and Authz CVS
  * Handles VOMS ACs and passes to Authz service
  * Presented mapping of attributes from X.509 EEC/VOMS AC into XACML
  * Resource Attribute Filtering Mechanism (RAFM) - Reference properties, XACML profile has Subject, Resource and Action attributes
There is an issue as to how a resource's attributes are obtained by the PEP. If the user submits them to the PEP there is a potential trust issue here, and the attributes will need to be validated by the CVS. If the PEP obtains them itself from a local store this is not an issue.
Yes, this is an open issue. I'll write the detail on the RAFM and send it to the list.

----
Takuya Mori
moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp
System Platform Software Development Division
NEC Corporation, Tokyo Japan