Search This Blog

Monday, December 3, 2007


The SAML 2.0 Profile of XACML defines extension to SAML V2.0 assertion
and request-response protocol messages. This "SOAP Profile for
XACML-SAML" specification defines the use of these messages over the
SAML 2 SOAP binding. The document is a working draft produced by SWITCH
as a product of its work within the EGEE JRA 1 working group. It is
based on the OASIS working draft of the SAML 2.0 Profile of XACML,
Version 2.0. This document corrects and clarifies a significant number
of items incorrectly specified in previous versions. From the author's
posting: "For part of some EGEE work that I'm involved in I came up
with a profile, in draft form currently, for the XACML over SAML
protocol defined within the OASIS XACML working group. The basic goal
of the document is to restrict possible options into a baseline subset
such that discreet implementations might inter-operate. I think Valerio
[Venturi]'s summary of the document, as follows, is good: (1) requirement
for using the SAML SOAP binding as in SAMLBind; (2) requirement for
having mutual authentication between the requester and the responder;
(3) some requirements on the elements usage; (4) requirements on authN,
integrity and confidentiality. Note this document is only about
interoperability at the protocol level, it does not speak to the
other necessary item here which is a profile for the information
(attributes) within the XACML request/response context." EGEE (Enabling
Grids for E-sciencE) brings together scientists and engineers from
more than 240 institutions in 45 countries world-wide to provide a
seamless Grid infrastructure for e-Science that is available to
scientists 24 hours-a-day. SWITCH [Swiss TeleCommunication System for
Higher Education and Research; Teleinformatikdienste fuer Lehre und
Forschung], Serving Swiss Universities since 1987, represents the
interests of Switzerland as a research centre in numerous bodies and
its key role therefore makes an important contribution to the development
and operation of the Internet in Switzerland. More Information

No comments: