FYI

----------------------------------------------------------------------
Web Services Profile of XACML (WS-XACML)
Anne Anderson, OASIS Presentation

This PDF document summarizes a presentation made at the OASIS XACML TC Face-to-Face meeting on 13-March-2007.

Outline: Web Services Policy Background; XACML Web Services Policy Assertions; XACML Assertion Format; XACML Assertion Matching; Defined XACML Assertions [XACMLAuthzAssertion, XACMLPrivacyAssertion]; New XACML Functions and Attribute Identifiers; Open Issues.

Abstract from "Web Services Profile of XACML (WS-XACML) Version 1.0":

"This document specifies ways to use XACML in the context of Web Services for authorization, access control, and privacy policies. It specifies four types of information.

(1) An authorization token or credential based on XACML to be used in a Web Services context for conveying an authorization decision from a trusted third party to a Web Service.

(2) A policy Assertion type based on XACML elements for use with WS-Policy or other schemas and protocols; this Assertion may be used to convey both requirements and capabilities related to authorization, access control, and privacy for Web Service clients and for the services themselves. This Profile specifies standard formats, matching semantics, and usage guidelines for two Assertions derived from this type: one for authorization policies and the other for privacy policies.

(3) Some ways in which Attributes for a client MAY be passed to a Web Service as part of a SOAP message in such a way that they can be authenticated as having been issued by a trusted authority. These Attributes may be used by the Web Service in evaluating the internal XACML policies of a service or enterprise that are relevant to a given Web Services access.

(4) How to express P3P policy preferences and match them using the new Assertion based on XACML."

http://xml.coverpages.org/xacml.html#Anderson-WS-XACML-F2F200703

See also WD 08: http://www.oasis-open.org/committees/download.php/21490/xacml-3.0-profile-we...
----------------------------------------------------------------------