- From: Manuel Gil Perez <manuel@dif.um.es>
- Date: Tue, 17 Oct 2006 22:21:02 +0200
- To: Ed Simon <edsimon@xmlsec.com>
- Cc: www-xkms@w3.org, michael.wilde@yahoo.de

Hi Ed,

You're right when you said that we can use a SAML token (including the role name) to fix this specific problem. Although, certainly, we can use SAML in any authorization scenario.

The final idea I "propose" is to include privilege management to XKMS, just like a lot of PKIX standards support both identity certificates and attribute certificates nowadays. It was only an idea to provide new capabilities to the current XKMS scenarios.

Regards,
--
Manuel Gil Perez

Quoting Ed Simon:

> In a Web Services context, one could look at starting with an X.509 token
> and then exchanging that, through WS-Trust, for a related SAML token
> containing the role information.
>
> Michael, Manuel, does that sound like it would suit your problem scenario?
>
> Regards, Ed
> _____________________
> Ed Simon <edsimon@xmlsec.com>
> Principal, XMLsec Inc.
> (613) 726-9645
>
> Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".
>
> -----Original Message-----
> From: Stephen Farrell
> Sent: October 17, 2006 08:14
> To: Michael Wilde
> Cc: www-xkms@w3.org
> Subject: Re: XKMS and X509v3 attributes, where to put them in?
>
> Michael Wilde wrote:
>> This raises the question: is there any standardized request/response
>> protocol available for the communication with an Attribute Authority yet?
>
> SAML.
>
> S.

Received on Tuesday, 17 October 2006 20:18:42 UTC