mace-opensaml-users - Re: [OpenSAML] Using OpenSAML to implement the GUMS PDP: questions and comments
Subject: OpenSAML user discussion
- From: Chad La Joie
- Subject: Re: [OpenSAML] Using OpenSAML to implement the GUMS PDP: questions and comments
- Date: Thu, 01 May 2008 16:53:33 -0400
- Openpgp: id=146B2514
- Organization: SWITCH
Gabriele Garzoglio wrote:
- In the code, I have to add an attribute to an obligation, an obligation to an obligations list, an obligations list to a result, a result to a response, a response to a statement, and a statement, issuer, and subject to an assertion. This is complex. It would be nice if there was a wrapper function to only have to add the obligations and attributes and let the rest be default.
This is a type of function that you need to write, if you need it.
- If the user is not mapped, I set FulfillOn to 'Deny' and don't include an attribute assignment. Is this correct?
Comment: To deny authorization, we should use the Decision context.
Refer to the XACML specification. If it's not specified there then it is up to your application.
Questions:
What is the status context?
Refer to the XACML specification.
How is the FulfillOn attribute used in an obligation?
Refer to the XACML specification.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
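The nesting chain described in the quoted question, as an added example that is not part of the original message and is not OpenSAML code: it builds the XACML 2.0 `Response` directly as XML with Python's standard library, takes only a decision and a list of obligations, and defaults the rest. It stops at the `Response` and omits the SAML statement and assertion wrapping; `build_response`, `OBLIGATION_ID` and `ATTRIBUTE_ID` are hypothetical names with constructed placeholder values.

```python
import xml.etree.ElementTree as ET

# XACML 2.0 namespaces: context schema (Response, Result, Decision, Status)
# and policy schema (Obligations, Obligation, AttributeAssignment).
CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
POL = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
DECISIONS = ("Permit", "Deny", "Indeterminate", "NotApplicable")

# Constructed placeholders, not identifiers defined by GUMS or any profile.
OBLIGATION_ID = "urn:example:obligation:local-account"
ATTRIBUTE_ID = "urn:example:attribute:username"


def build_response(decision, obligations=(), status_code=STATUS_OK):
    """Return Response > Result > (Decision, Status, Obligations).

    obligations: iterable of (obligation_id, fulfill_on, {attribute_id: value}).
    """
    if decision not in DECISIONS:
        raise ValueError("unknown Decision %r" % (decision,))
    response = ET.Element("{%s}Response" % CTX)
    result = ET.SubElement(response, "{%s}Result" % CTX)
    ET.SubElement(result, "{%s}Decision" % CTX).text = decision
    status = ET.SubElement(result, "{%s}Status" % CTX)
    ET.SubElement(status, "{%s}StatusCode" % CTX, Value=status_code)
    container = None
    for obligation_id, fulfill_on, assignments in obligations:
        # FulfillOn is an Effect, so only Permit or Deny, and an obligation
        # travels with a result only when FulfillOn equals the decision.
        if fulfill_on not in ("Permit", "Deny") or fulfill_on != decision:
            raise ValueError("FulfillOn=%r cannot accompany Decision=%r"
                             % (fulfill_on, decision))
        if container is None:  # Obligations must not be emitted empty
            container = ET.SubElement(result, "{%s}Obligations" % POL)
        obligation = ET.SubElement(container, "{%s}Obligation" % POL,
                                   ObligationId=obligation_id,
                                   FulfillOn=fulfill_on)
        for attribute_id, value in assignments.items():
            ET.SubElement(obligation, "{%s}AttributeAssignment" % POL,
                          AttributeId=attribute_id,
                          DataType=XS_STRING).text = value
    return response


if __name__ == "__main__":
    mapped = build_response("Permit",
                            [(OBLIGATION_ID, "Permit", {ATTRIBUTE_ID: "user01"})])
    print(ET.tostring(mapped, encoding="unicode"))
    print(ET.tostring(build_response("Deny"), encoding="unicode"))
```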