More information from one of the VO Project managers is below.

Alan
-------------------------


Hi Alan,
There are 2 distinct things here:

1) using the SAML v2 profile of XACML v2 to convey authorization
assertions from a PEP to a PDP. This is the authorization
interoperability effort, a collaboration between Globus, EGEE / INFN,
OSG / VO Services, and Condor:
http://listserv.fnal.gov/scripts/wa.exe?A2=ind0901e&L=privilege_project&T=0&X=2B9777238D431DBE31&Y=garzogli%40fnal.gov&P=1906

2) embedding SAML v2 assertions in certificate proxies to convey user
attributes, instead of using VOMS attribute certificates. This effort is
led by INFN / VOMS.

In principle, a natural extension of (1) would be using the SAML
assertions in the proxies from (2) to obtain authorization decisions.
That would work almost immediately with XACML-based PDPs, such as GPBox
and gJAF. For non-XACML-based PDPs, such as GUMS or SAZ, it would require
integration work.

Hope this helps
Cheers
Gabriele


Alan Sill wrote:
Hi gents,

Can you comment on the following interchange currently taking place in
the glite-discuss and gt-user lists, please?  What is the current
state of SAML2 with respect to the joint authorization project and
specifically VOMS?

Thanks!

Alan
