W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

RE: SAML's authZ token?

From: Hal Lockhart <hal.lockhart@entegrity.com>
Date: Thu, 25 Jul 2002 17:10:01 -0400
Message-ID: <899128A30EEDD1118FC900A0C9C74A34010341A5@bigbird.gradient.com>
To: "'Joseph Hui'" <Joseph.Hui@exodus.net>, www-ws-arch@w3.org
SAML is entirely about Authorization.

There are three types of statements in Assertions.

1. Authentication Assertion
2. Attribute Assertion

These are intended as inputs to authorization decisions.

3. Authorization Decision Assertion

This reports the result of an authorization decision.

Note that SAML says nothing about how authorization decisions are made. This
is what XACML is about.


> -----Original Message-----
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
> Sent: Wednesday, July 24, 2002 10:18 PM
> To: www-ws-arch@w3.org
> Subject: SAML's authZ token?
> Hi all,
> I recall someone from the WSAWG mentioned something
> to the effect of "using SAML"s authorization token"
> a while ago.  (It had to be "SAML's," as I remember,
> because "Passport's" or "Liberty Alliance's" or
> something else's would have been locked into other
> cells of my memory.)
> I'm having difficulty locating where and what SAML does
> about Authorization.  I did read the "Sec & Privacy Cons
> for SAML" doc, which a colleague of mine cc'ed me a week
> prior to the last F2F, circa June.  AuthZ was not there.
> Was I missing something or simply misinformed?
> Thanks,
> Joe Hui
> Exodus, a Cable & Wireless service
Received on Thursday, 25 July 2002 17:11:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:57 UTC