Re: [higgins-dev] RP Policy discussed during the higgins call

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] RP Policy discussed during the higgins call

From: Anthony Nadalin <drsecure@xxxxxxxxxx>
Date: Fri, 27 Oct 2006 09:31:38 -0500
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <http://eclipse.org/pipermail/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>

I don't believe that XACML is the best language for what the relying party needs to express, its fact that we will have to support WS-Policy assertions and in particular WS-SecurityPolicy assertions for interoperability with Cardspace, so at a minimum we should be compatible with WS-Policy and allow the same intersections when it comes to assertions.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Dieter M Sommer <DSO@xxxxxxxxxxxxxx>

Dieter M Sommer <DSO@xxxxxxxxxxxxxx>

Sent by: higgins-dev-bounces@xxxxxxxxxxx

10/26/2006 12:31 PM

Please respond to
"Higgins \(Trust Framework\) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To	"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
cc
Subject	Re: [higgins-dev] RP Policy discussed during the higgins call

Hi, our current discussions are on an abstract level, yet independent of a concrete syntactical representation. Thus, we are still open to go for a new language or using extensions of an existing one, provided that this fulfills all our requirements, such as the general evidence specification used for third-party endorsed attributes and the requirements Paul was referring to. An extension of an existing language would have to be clean in the sense that extensions are only done for well-defined extension points. Furthermore, the extensions of existing evaluation engines would have to be doable in clean way. Looking forward to discuss those issues such that we can come up with the best possible solution for Higgins. Cheers, Dieter. higgins-dev-bounces@xxxxxxxxxxx wrote on 10/26/2006 06:52:53 PM: >http://wiki.eclipse.org/index.php/Relying_Party_Security_Policy> > I joined the call late, and just caught the very last part of this > discussion so I apologize if this issue was covered. I was curious > about why we are proposing a new assertion language for the Relying > Party when there are several language definitions already out there, > as well as execution / evaluation engines for those languages. I > would hate to have many policy languages evaluated and translated > across the Higgins infrastructure. > > One example of using XACML as WS-Policy constraints was described here >http://research.sun.com/projects/xacml/ws-policy-constraints-current.pdf> I have successfully used thehttp://sunxacml.sourceforge.net/> evaluation engine to evaluate predicates outside of authorization policy. > > > Duane_______________________________________________ > higgins-dev mailing list > higgins-dev@xxxxxxxxxxx >https://dev.eclipse.org/mailman/listinfo/higgins-dev_______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/higgins-dev

References:
- Re: [higgins-dev] RP Policy discussed during the higgins call
  - From: Dieter M Sommer

Prev by Date: Re: [higgins-dev] Building STS components
Next by Date: Re: [higgins-dev] Notes from higgins-dev call Thursday October 26 12-1pm ET
Previous by thread: Re: [higgins-dev] RP Policy discussed during the higgins call
Next by thread: [higgins-dev] Notes from higgins-dev call Thursday October 26 12-1pm ET
Index(es):
- Date
- Thread

Breadcrumbs