OpenSAML user discussion

[Jay Packard <>]

Thanks, I understand the purpose of FulfillOn from the documentation now 
(whether the obligation has to be fulfilled) so I will always set it to 
Permit for GUMS. 

I assume the value of Status is application dependent since it doesn't 
specify the possible values.  I plan on using values of ok and error 
(along with the stuff before i.e. urn:oasis:names:tc:xacml:1.0:status:).

Jay

Chad La Joie wrote:
> Gabriele Garzoglio wrote:
> > - In the code, I have to add an attribute to an obligation, an 
> > obligation to an obligations list, an obligations list to a result, a 
> > result to a response, a response to a statement, and a statement, 
> > issuer, and subject to an assertion.  This is complex.  It would be 
> > nice if there was a wrapper function to only have to add the 
> > obligations and attributes and let the rest be default.
>
> This is a type of function that you need to write, if you need it.
>
> > - If the user is not mapped, I set FulfillOn to 'Deny' and don't 
> > include an attribute assignment.  Is this correct?
> > Comment: To deny authorization, we should use the Decision context.
>
> Refer to the XACML specification.  If it's not specified there then it 
> is up to your application.
>
> > Questions:
> > What is the status context?
>
> Refer to the XACML specification.
>
> > How is the FulfillOn attribute used in an obligation?
>
> Refer to the XACML specification.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature