Dear WG We have a feature missing from the XACML profile that is in the WS-Trust profile. We need to make these two profiles consistent so that whether the PEP is talking to the CVS followed by the PDP, or the PDP only (which talks to the CVS), the PEP should be able to obtain the same level of service in both cases. What is missing in the XACML profile is the ability to pass references (meta info) to the PDP to tell it where to pick up the user's attributes from. This feature is present in the WS-Trust profile in Section 6. <SubjectAttributeReferenceAdvice>. Tom has already made some valuable comments on this feature which the group need to discuss and resolve. My new comment is that whatever is agreed for the final WS-Trust specification should also be incorporated into the XACML profile as well so that the PEP can obtain an equivalent level of service by either route. regards David ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
participants (1)
-
David Chadwick