Hi Tom we have already implemented this in GT4, including the use of obligations in responses. It is part of our coordination service that we discussed with Rachana in January and are contributing to Globus. We have two implementations. i) Java interface that uses the GT4 java authz callout for a local PDP ii) Web services interface for a remote PDP, that uses the SAML 2.0 profile of XACMLv2.0 as specified in the OGSA-Authz profile "Use of XACML Request Context to access a PDP". Linying can provide further details of the specifics. regards David Tom Scavo wrote:
FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
Tom Scavo NCSA -- ogsa-authz-wg mailing list ogsa-authz-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-authz-wg
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************