Skip to Content.
Sympa Menu

shibboleth-dev - Re: Access Policy strawman

Subject: Shibboleth Developers

List archive

Re: Access Policy strawman


Chronological Thread 
  • From: Noah Levitt <>
  • To: Scott Cantor <>
  • Cc: , ,
  • Subject: Re: Access Policy strawman
  • Date: Fri, 4 Jun 2004 10:56:32 -0400
  • Secret-nsa-message-id: 3b026257dfe9ed894171dbbb76f5b2ba

On Thu, Jun 03, 2004 at 19:50:11 -0400, Scott Cantor wrote:
> > In the third example I have different documents ("Resource"s
> > I called them) with different access requirements. I think
> > it's good to put it down this far in the hierarchy so that
> > there doesn't have to be a separate contract each document
> > in the application.
>
> You have Resource as a container for the attribute set that satisfies the
> policy, but the contract is the attribute set, so isn't that having the
> opposite effect? Or is the consumer expected to union all of the pieces
> together to figure out what the actual ARP needs to be?

I figured that the arp gui would count the number of
different values are needed for different resources and
decide if there are more than 5 or so to present only the
options "none" or "any value".

>
> There's also the fact that I assumed we'd be using SAML metadata for
> expressing the attribute requester's requirements unless there was an
> obvious need to go a lot farther right away, and it won't contain this kind
> of policy.

So you're staying instead of this or xacml we should be
using saml?

Noah



Archive powered by MHonArc 2.6.16.

Top of Page