Skip to Content.
Sympa Menu

shibboleth-dev - RE: Access Policy strawman

Subject: Shibboleth Developers

List archive

RE: Access Policy strawman


Chronological Thread 
  • From: Scott Cantor <>
  • To: 'Noah Levitt' <>
  • Cc: , ,
  • Subject: RE: Access Policy strawman
  • Date: Thu, 03 Jun 2004 19:50:11 -0400
  • Organization: The Ohio State University

> In the third example I have different documents ("Resource"s
> I called them) with different access requirements. I think
> it's good to put it down this far in the hierarchy so that
> there doesn't have to be a separate contract each document
> in the application.

You have Resource as a container for the attribute set that satisfies the
policy, but the contract is the attribute set, so isn't that having the
opposite effect? Or is the consumer expected to union all of the pieces
together to figure out what the actual ARP needs to be?

There's also the fact that I assumed we'd be using SAML metadata for
expressing the attribute requester's requirements unless there was an
obvious need to go a lot farther right away, and it won't contain this kind
of policy.

-- Scott




Archive powered by MHonArc 2.6.16.

Top of Page