15-Day Committee Specification Draft Public Review Request for SAML 2.0 Profile of XACML, Version 2.0

      Submitted on Thursday, May 1, 2014 - 18:53
      Submitted by user:
      Submitted values are:

      Submitter's Name: bill Parducci
      TC Name: extensible Access Control Markup Language (XACML)
      TC Email Address: xacml@lists.oasis-open.org
      Work Product Title: SAML 2.0 Profile of XACML, Version 2.0
      Committee Specification Draft ##: CSD-##
      CSD URI: TBD
      Additional Resources: Redline version of DOC
      Approval Link:
      https://lists.oasis-open.org/archives/xacml/201404/msg00054.html
      Previous Public Review Announcement:
      http://markmail.org/message/ol4nrdicoqp3txdk
      Abstract: This specification defines a profile for the integration of the
      OASIS Security Assertion Markup Language (SAML) Version 2.0 with all
      versions of XACML. SAML 2.0 complements XACML functionality in many ways,
      so a number of somewhat independent functions are described in this
      profile: 1) use of SAML 2.0 Attribute Assertions with XACML, including the
      use of SAML Attribute Assertions in a SOAP Header to convey Attributes that
      can be consumed by an XACML PDP, 2) use of SAML to carry XACML
      authorization decisions, authorization decision queries, and authorization
      decision responses, 3) use of SAML to carry XACML policies, policy queries,
      and policy query responses, 4) use of XACML authorization decisions or
      policies as Advice in SAML Assertions, and 5) use of XACML responses in
      SAML Assertions as authorization tokens. Particular implementations may
      provide only a subset of these functions.
      TC Description: XACML is expected to address fine grained control of
      authorized activities, the effect of characteristics of the access
      requestor, the protocol over which the request is made, authorization
      based on classes of activities, and content introspection (i.e.
      authorization based on both the requestor and potentially attribute values
      within the target where the values of the attributes may not be known to
      the policy writer). XACML is also expected to suggest a policy
      authorization model to guide implementers of the authorization mechanism.
      Notification List:
      Notes: I was able to find the announcement in Markmail but was unable to
      find a link via the Oasis web interface. I provided the Markmail link.

      The results of this submission may be viewed at:
      http://tools.oasis-open.org/issues/browse/TCADMIN

            Assignee: Unassigned
            Reporter: Bill Parducci (Inactive)