[OGSA-AUTHZ] Use of Obligations in the Privilege Project Authorization Infrastructure for OpenScienceGrid
Markus Lorch
mlorch at vt.edu
Tue Feb 22 08:40:36 CST 2005
Sorry guys, I must have selected the wrong file type originally.
A new version (PDF) with the appropriate filetype is at
https://forge.gridforum.org/projects/ogsa-authz/document/SAML-Obligation-Extensions-used-in-OSG/en/2
or alternatively: http://tinyurl.com/5uuke
Markus
> -----Original Message-----
> From: Tom Barton [mailto:tbarton at uchicago.edu]
> Sent: Tuesday, February 22, 2005 7:23 AM
> To: Markus Lorch
> Subject: Re: [OGSA-AUTHZ] Use of Obligations in the Privilege
> Project Authorization Infrastructure for OpenScienceGrid
>
>
> Markus,
>
> I'm not able to open that file - it seems to be a pdf, but gridforge
> has it wrapped up as plain text. Could you fix it?
>
> Thanks,
> Tom
>
> Markus Lorch wrote:
> > Hi All,
> >
> > I have written a document for the OGSA AuthZ WG that describes how
> > we use obligations in the privilege project for the Open Science
> > Grid. I have uploaded the document to grid forge at
> >
> > /projects/ogsa-authz/document/SAML-Obligation-Extensions-used-in-OSG/en/1.
> >
> > In short I decided to follow David's proposal for an
> > ObligatedAuthorizationDecisionStatement
> > but used the "Obligation" element as an extension point. I then
> > implemented an XACML Obligation. (others could choose to implement
> > PonderObligation)
> >
> > I found that all the obligations I want to convey are naturally
> > expressed as attribute assignments (see examples in the document).
> > While there may be semantic negotiation issues (which we also have
> > for standard attributes) I like the possible integration path with
> > XACML over SAML and the ease with which I can define an obligation
> > in an XACML policy and have it with no effort appear in the decision
> > statement.
> >
> > I continue to believe that we should move away from the SAML
> > Authorization Decision Statement towards the use of XACML over SAML
> > in the long run.
> > (see my email from Sept. 23, 2004)
> >
> > I won't be able to attend GGF13. Hope y'all have a great meeting
> >
> > Markus
> >
> > ----------------------------------------------------------------
> > Markus Lorch
> > Department of Computer Science Phone: +1 540 231 5914
> > Virginia Tech, m/c 106 Fax: +1 540 231 6075
> > Blacksburg, VA 24061, U.S.A. http://people.cs.vt.edu/~mlorch
> >
>
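An added illustration, not taken from this thread or from the referenced document: how an enforcement point might consume an XACML-style Obligation made of attribute assignments, refusing access when an obligation is unknown or its values fail validation. The `urn:example:` identifiers, the sample values, the `local_account` handler and the deny-biased behaviour are all assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; every identifier and value here is made up.
SAMPLE = """<Obligations>
  <Obligation ObligationId="urn:example:obligation:local-account" FulfillOn="Permit">
    <AttributeAssignment AttributeId="urn:example:attr:username"
      DataType="http://www.w3.org/2001/XMLSchema#string">osguser01</AttributeAssignment>
    <AttributeAssignment AttributeId="urn:example:attr:root-path"
      DataType="http://www.w3.org/2001/XMLSchema#string">/data/osg</AttributeAssignment>
  </Obligation>
</Obligations>"""

def _local(tag):
    """Strip any XML namespace so the sample works with or without one."""
    return tag.rsplit("}", 1)[-1]

def parse_obligations(xml_text):
    """Return [(obligation_id, fulfill_on, {attribute_id: value})]."""
    found = []
    for ob in ET.fromstring(xml_text).iter():
        if _local(ob.tag) != "Obligation":
            continue
        assigns = {a.get("AttributeId"): (a.text or "").strip()
                   for a in ob if _local(a.tag) == "AttributeAssignment"}
        found.append((ob.get("ObligationId"), ob.get("FulfillOn"), assigns))
    return found

def local_account(assigns):
    """Hypothetical handler: validate values before they reach the OS."""
    user = assigns["urn:example:attr:username"]
    root = assigns["urn:example:attr:root-path"]
    if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", user):
        raise ValueError("bad username")
    if not root.startswith("/") or ".." in root.split("/"):
        raise ValueError("bad root path")
    return {"user": user, "root": root}

HANDLERS = {"urn:example:obligation:local-account": local_account}

def enforce(decision, obligations, handlers=HANDLERS):
    """Deny-biased PEP: Permit holds only if every obligation is discharged."""
    applied = {}
    for oid, fulfill_on, assigns in obligations:
        if fulfill_on != decision:
            continue
        try:
            applied.update(handlers[oid](assigns))
        except (KeyError, ValueError):
            return "Deny", {}   # unknown or unfulfillable obligation
    return (decision, applied) if decision == "Permit" else ("Deny", {})
```

Because the assigned values come from a remote decision point, the handler treats them as untrusted input and validates them before use.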