
RE: SAML's authZ token?

From: Hal Lockhart <hal.lockhart@entegrity.com>
Date: Thu, 25 Jul 2002 18:07:30 -0400
Message-ID: <899128A30EEDD1118FC900A0C9C74A34010341A9@bigbird.gradient.com>
To: "'Joseph Hui'" <Joseph.Hui@exodus.net>, Hal Lockhart <hal.lockhart@entegrity.com>, www-ws-arch@w3.org

Single signon can be built using the AuthN statement in an assertion (as in
Liberty) or by both an AuthN and Attribute statements in an assertion (as in
the 2 SAML Browser Profiles).

Neither of these is a generalized network single signon. They are attempts
in a Web context to work around the limitations of current browsers and the
HTTP protocol.

SAML authZ token is not a term you will find in any of the SAML docs. I
suspect it came from a WS-Security context, as the IBM/MS/Verisign proposal
uses the term "security token".

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
Sent: Thursday, July 25, 2002 5:20 PM
To: Hal Lockhart; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?

Thanks for the feedback.
The first thing that came to my mind was the single-sign-on
connotation when "authZ token" was mentioned.
So, does it have the single-sign-on feature in plan?
Also, is "SAML authZ token" an adapted terminology/nomenclature?
Joe Hui
Exodus, a Cable & Wireless service

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, July 25, 2002 2:10 PM
To: Joseph Hui; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?

SAML is entirely about Authorization. 

There are three types of statements in Assertions. 

1. Authentication Assertion 
2. Attribute Assertion 

These are intended as inputs to authorization decisions. 

3. Authorization Decision Assertion 

This reports the result of an authorization decision. 

Note that SAML says nothing about how authorization decisions are made. This
is what XACML is about. 


> -----Original Message----- 
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
> Sent: Wednesday, July 24, 2002 10:18 PM 
> To: www-ws-arch@w3.org 
> Subject: SAML's authZ token? 
> Hi all, 
> I recall someone from the WSAWG mentioned something 
> to the effect of "using SAML's authorization token" 
> a while ago.  (It had to be "SAML's," as I remember, 
> because "Passport's" or "Liberty Alliance's" or 
> something else's would have been locked into other 
> cells of my memory.) 
> I'm having difficulty locating where and what SAML does 
> about Authorization.  I did read the "Sec & Privacy Cons 
> for SAML" doc, which a colleague of mine cc'ed me a week 
> prior to the last F2F, circa June.  AuthZ was not there. 
> Was I missing something or simply misinformed? 
> Thanks, 
> Joe Hui 
> Exodus, a Cable & Wireless service 
Received on Thursday, 25 July 2002 18:09:03 UTC
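
The three statement types listed in the thread, as an added example that is not part of the original messages: a Python sketch that parses a SAML 1.x assertion and separates the statements meant as inputs to an authorization decision from the one that reports a decision. The sample assertion and all of its values are constructed, and the function names are hypothetical; signature and validity-period checks, which a relying party must perform before trusting any statement, are left out.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
# Statement elements, split the way the thread describes them.
INPUTS = {"AuthenticationStatement", "AttributeStatement"}
DECISION = "AuthorizationDecisionStatement"

# Constructed, unsigned sample assertion; every value is illustrative.
SAMPLE = f"""
<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="0"
    AssertionID="example-id" Issuer="issuer.example" IssueInstant="2002-07-25T18:00:00Z">
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2002-07-25T17:59:00Z">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthorizationDecisionStatement Resource="https://app.example/reports" Decision="Permit">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthorizationDecisionStatement>
</saml:Assertion>
"""

def classify_statements(xml_text):
    """Return (inputs, decisions) for the statements in one assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("not a SAML 1.x Assertion")
    inputs, decisions = [], []
    for child in root:
        ns, _, local = child.tag[1:].partition("}")
        if ns != SAML_NS or local not in INPUTS | {DECISION}:
            continue  # Conditions, Advice, ds:Signature, extension elements
        subject = child.findtext(f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameIdentifier")
        if local in INPUTS:
            inputs.append((local, subject))  # evidence for a decision point
        else:
            action = child.findtext(f"{{{SAML_NS}}}Action")
            decisions.append((subject, child.get("Resource"), action, child.get("Decision")))
    return inputs, decisions

if __name__ == "__main__":
    print(classify_statements(SAMPLE))
```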