- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Thu, 25 Jul 2002 17:35:08 -0700
- To: "Hal Lockhart" <hal.lockhart@entegrity.com>, <www-ws-arch@w3.org>
- Message-ID: <45258A4365C6B24A9832BFE224837D5523BC4F@SJDCEX01.int.exodus.net>
Thanks, Hal.

Joe Hui
Exodus, a Cable & Wireless service
==============================================

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, July 25, 2002 3:08 PM
To: Joseph Hui; Hal Lockhart; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?

Single signon can be built using the AuthN statement in an assertion (as in Liberty) or by both an AuthN and Attribute statements in an assertion (as in the 2 SAML Browser Profiles). Neither of these is a generalized network single signon. They are attempts in a Web context to work around the limitations of current browsers and the HTTP protocol.

SAML authZ token is not a term you will find in any of the SAML docs. I suspect it came from a WS-Security context, as the IBM/MS/Verisign proposal uses the term "security token".

Hal

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
Sent: Thursday, July 25, 2002 5:20 PM
To: Hal Lockhart; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?

Hal,

Thanks for the feedback.

The first thing that came to my mind was the single-sign-on connotation when "authZ token" was mentioned. So, does it have the single-sign-on feature in plan?

Also, is "SAML authZ token" an adapted terminology/nomenclature?

Regards,

Joe Hui
Exodus, a Cable & Wireless service
==============================================

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, July 25, 2002 2:10 PM
To: Joseph Hui; www-ws-arch@w3.org
Subject: RE: SAML's authZ token?

SAML is entirely about Authorization. There are three types of statements in Assertions.

1. Authentication Assertion
2. Attribute Assertion

These are intended as inputs to authorization decisions.

3. Authorization Decision Assertion

This reports the result of an authorization decision.

Note that SAML says nothing about how authorization decisions are made. This is what XACML is about.

Hal

> -----Original Message-----
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
> Sent: Wednesday, July 24, 2002 10:18 PM
> To: www-ws-arch@w3.org
> Subject: SAML's authZ token?
>
> Hi all,
>
> I recall someone from the WSAWG mentioned something
> to the effect of "using SAML's authorization token"
> a while ago. (It had to be "SAML's," as I remember,
> because "Passport's" or "Liberty Alliance's" or
> something else's would have been locked into other
> cells of my memory.)
>
> I'm having difficulty locating where and what SAML does
> about Authorization. I did read the "Sec & Privacy Cons
> for SAML" doc, which a colleague of mine cc'ed me a week
> prior to the last F2F, circa June. AuthZ was not there.
> Was I missing something or simply misinformed?
>
> Thanks,
>
> Joe Hui
> Exodus, a Cable & Wireless service
Received on Thursday, 25 July 2002 20:34:18 UTC
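
An added illustration of the three statement types Hal lists in the thread above, not code from the thread or from the SAML specifications: it splits a SAML 1.0 assertion into authorization inputs (authentication and attribute statements) and reported decisions, then checks a decision fail-closed. The sample assertion and its issuer, subject, attribute and resource values are constructed, the function names are hypothetical, and signature and validity-period checks are assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace

# Constructed sample assertion; all identifiers and values are made up.
SAMPLE = f"""<Assertion xmlns="{NS}" MajorVersion="1" MinorVersion="0"
    AssertionID="example-id" Issuer="idp.example.org" IssueInstant="2002-07-25T22:08:00Z">
  <AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2002-07-25T22:07:30Z">
    <Subject><NameIdentifier>alice@example.org</NameIdentifier></Subject>
  </AuthenticationStatement>
  <AttributeStatement>
    <Subject><NameIdentifier>alice@example.org</NameIdentifier></Subject>
    <Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <AttributeValue>auditor</AttributeValue>
    </Attribute>
  </AttributeStatement>
  <AuthorizationDecisionStatement Resource="https://sp.example.org/reports" Decision="Permit">
    <Subject><NameIdentifier>alice@example.org</NameIdentifier></Subject>
    <Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</Action>
  </AuthorizationDecisionStatement>
</Assertion>"""

def summarize(assertion_xml):
    """Split statements into authorization inputs and reported decisions."""
    # For untrusted input, use a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(assertion_xml)
    q = lambda tag: f"{{{NS}}}{tag}"
    inputs, decisions = [], []
    for stmt in root:
        subject = stmt.findtext(f"{q('Subject')}/{q('NameIdentifier')}")
        if stmt.tag == q("AuthenticationStatement"):
            inputs.append(("authn", subject, stmt.get("AuthenticationMethod")))
        elif stmt.tag == q("AttributeStatement"):
            for attr in stmt.iter(q("Attribute")):
                values = [v.text for v in attr.iter(q("AttributeValue"))]
                inputs.append(("attr", subject, attr.get("AttributeName"), values))
        elif stmt.tag == q("AuthorizationDecisionStatement"):
            actions = [a.text for a in stmt.iter(q("Action"))]
            decisions.append((subject, stmt.get("Resource"), actions, stmt.get("Decision")))
    return inputs, decisions

def is_permitted(decisions, subject, resource, action):
    """Fail closed: only an explicit Permit for this exact triple counts."""
    return any(d == "Permit" and s == subject and r == resource and action in acts
               for s, r, acts, d in decisions)
```

The assertion only carries the decision; how the issuer reached "Permit" is outside SAML, which is the point Hal makes about XACML.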