RE: SAML's authZ token?

Hal,
 
Thanks for the feedback.
 
The first thing came to my mind was the single-sign-on
connotation when "authZ token" was mentioned.
So, does it have the single-sign-on feature in plan?
Also, is "SAML authZ token" an adapted terminology/nomenclature?
 
Regards,
 
Joe Hui
Exodus, a Cable & Wireless service
==============================================

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, July 25, 2002 2:10 PM
To: Joseph Hui; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?



SAML is entirely about Authorization. 

There are three types of statements in Assertions. 

1. Authentication Assertion 
2. Attribute Assertion 

These are intended as inputs to authorization decisions. 

3. Authorization Decision Assertion 

This reports the result of an authorization decision. 

Note that SAML says nothing about how authorization decisions are made. This is what XACML is about. 

Hal 

> -----Original Message----- 
> From: Joseph Hui [ mailto:Joseph.Hui@exodus.net] 
> Sent: Wednesday, July 24, 2002 10:18 PM 
> To: www-ws-arch@w3.org 
> Subject: SAML's authZ token? 
> 
> 
> 
> Hi all, 
> 
> I recall someone from the WSAWG mentioned something 
> to the effect of "using SAML"s authorization token" 
> a while ago.  (It had to be "SAML's," as I remember, 
> because "Passport's" or "Liberty Alliance's" or 
> something else's would have been locked into other 
> cells of my memory.) 
> 
> I'm having difficulty locating where and what SAML does 
> about Authorization.  I did read the "Sec & Privacy Cons 
> for SAML" doc, which a colleague of mine cc'ed me a week 
> prior to the last F2F, circa June.  AuthZ was not there. 
> Was I missing something or simply misinformed? 
> 
> Thanks, 
> 
> Joe Hui 
> Exodus, a Cable & Wireless service 
>