Hi All;
I am trying to specify that the client need a SMAL assertion included
in the request by specifying it using WS-Policy. The Assertion is a
token issued by third part which act as a capability token.
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
<Conditions NotBefore="2006-02-03T17:39:57.240Z"
NotOnOrAfter="2006-02-03T18:09:57.240Z">
<AudienceRestrictionCondition> ...
</AudienceRestrictionCondition>
</Conditions>
<AuthorizationDecisionStatement
Resource="http://www.extreme.indiana.edu/lead/TestCMD_Simple_Fri_Feb_03_12_39_52_EST_2006_653199";
Decision="Permit">
<Subject>
<NameIdentifier>/C=US/O=Indiana
University/OU=Computer Science/CN=Hemapani Srinath
Perera</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
<Action
Namespace="http://www.extreme.indiana.edu/lead";>Run</Action>
</AuthorizationDecisionStatement>
<ds:Signature> .... </ds:Signature>
</Assertion>
I find two options to do that so far,
1) IssuedToken Assertion, as by the 6.3.2 IssuedToken Assertion of
WS-Secuirty Policy Specification
2) SMAL Assertion, as by 6.3.8 SamlToken Assertion of WS-Secuirty
Policy Specification
If anyone has use either of the method, please give me a pointer
1) can anybody recommend using one over the other? Or a better way to do it
2) Can do anyone have a example of using either kind of Policy assertion?
Thanks
Srinath
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
