Globus impl of SAML 2.0 Profile of XACML
FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
Tom Scavo
NCSA
Hi Tom,
at INFN we are working on pretty much the same wsdl (attached, you'll forgive the naive naming). Currently we don't know how much effort we'll be able to put into the implementation in the short term but we'd like to follow the work the GT team is doing in order to assure future compatibility.
Valerio
On Thu, 2007-03-15 at 14:46 -0400, Tom Scavo wrote:
> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
> Tom Scavo
> NCSA
> --
> ogsa-authz-wg mailing list
> ogsa-authz-wg@ogf.org
> http://www.ogf.org/mailman/listinfo/ogsa-authz-wg
Hi All
It seems like at least 4 groups are now working on this profile
Takuya in Japan
Valerio in Italy
Globus in the USA
David in the UK
Can I suggest that this protocol be the substantive item on the agenda for the next telecon scheduled for 3 April. We need to make sure that the current OGSA-Authz draft spec and all the implementations align with each other. Takuya has already made suggestions for additions to the OGSA-Authz draft in terms of specifying standard attribute types. You all may have other suggestions for improvement to the draft
regards
David
Valerio Venturi wrote:
> Hi Tom,
> at INFN we are working on pretty much the same wsdl (attached, you'll forgive the naive naming). Currently we don't know how much effort we'll be able to put into the implementation in the short term but we'd like to follow the work the GT team is doing in order to assure future compatibility.
> Valerio
> On Thu, 2007-03-15 at 14:46 -0400, Tom Scavo wrote:
>> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
>> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
>> Tom Scavo
>> NCSA
--
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
David Chadwick wrote:
> Hi All
> It seems like at least 4 groups are now working on this profile
> Takuya in Japan
> Valerio in Italy
> Globus in the USA
> David in the UK
EGEE gLite Java AuthZ Framework (gJAF) can join this club :-)
> Can I suggest that this protocol be the substantive item on the agenda for the next telecon scheduled for 3 April. We need to make sure that the current OGSA-Authz draft spec and all the implementations align with each other. Takuya has already made suggestions for additions to the OGSA-Authz draft in terms of specifying standard attribute types. You all may have other suggestions for improvement to the draft
> regards
> David
> Valerio Venturi wrote:
>> Hi Tom,
>> at INFN we are working on pretty much the same wsdl (attached, you'll forgive the naive naming). Currently we don't know how much effort we'll be able to put into the implementation in the short term but we'd like to follow the work the GT team is doing in order to assure future compatibility.
>> Valerio
>> On Thu, 2007-03-15 at 14:46 -0400, Tom Scavo wrote:
>>> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
>>> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
>>> Tom Scavo
>>> NCSA
Hi Tom
we have already implemented this in GT4, including the use of obligations in responses. It is part of our coordination service that we discussed with Rachana in January and are contributing to Globus.
We have two implementations.
i) Java interface that uses the GT4 java authz callout for a local PDP
ii) Web services interface for a remote PDP, that uses the SAML 2.0 profile of XACMLv2.0 as specified in the OGSA-Authz profile "Use of XACML Request Context to access a PDP".
Linying can provide further details of the specifics.
regards
David
Tom Scavo wrote:
> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
> Tom Scavo
> NCSA
David,
Tom referred to the message by Rachana in which is "XACML Authorization service interface contribution from James Moore ISI/IBM" mentioned.
Can somebody clarify relations between all these implementations?
Yuri
David Chadwick wrote:
> Hi Tom
> we have already implemented this in GT4, including the use of obligations in responses. It is part of our coordination service that we discussed with Rachana in January and are contributing to Globus.
> We have two implementations.
> i) Java interface that uses the GT4 java authz callout for a local PDP
> ii) Web services interface for a remote PDP, that uses the SAML 2.0 profile of XACMLv2.0 as specified in the OGSA-Authz profile "Use of XACML Request Context to access a PDP".
> Linying can provide further details of the specifics.
> regards
> David
> Tom Scavo wrote:
>> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
>> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
>> Tom Scavo
>> NCSA
Yuri Demchenko wrote:
> David,
> Tom referred to the message by Rachana in which is "XACML Authorization service interface contribution from James Moore ISI/IBM" mentioned.
> Can somebody clarify relations between all these implementations?
I think the next scheduled Telecon can help to do that, if emails do not do it before
regards
David
> Yuri
> David Chadwick wrote:
>> Hi Tom
>> we have already implemented this in GT4, including the use of obligations in responses. It is part of our coordination service that we discussed with Rachana in January and are contributing to Globus.
>> We have two implementations.
>> i) Java interface that uses the GT4 java authz callout for a local PDP
>> ii) Web services interface for a remote PDP, that uses the SAML 2.0 profile of XACMLv2.0 as specified in the OGSA-Authz profile "Use of XACML Request Context to access a PDP".
>> Linying can provide further details of the specifics.
>> regards
>> David
>> Tom Scavo wrote:
>>> FYI, work has begun to incorporate an implementation of the SAML 2.0 Profile of XACML into Globus Toolkit:
>>> http://www.globus.org/mail_archive/jwscore-dev/2007/03/msg00019.html
>>> Tom Scavo
>>> NCSA
participants (4)
- David Chadwick
- Tom Scavo
- Valerio Venturi
- Yuri Demchenko