Authorization Interoperability Meeting on Oct 30, 2007 - Minutes

Gabriele Garzoglio
Gabriele Garzoglio
01 Nov 2007, 14:10
01 Nov 2007, 14:10
01 Nov 2007, 14:16
  • Public document
- Testing the Globus XACML library in the gJAF framework
Yuri and Hakon have run tests. Discussed the need to have multiple subjects
AND multiple attributes in subject, resource, and action. Also, it is
desirable that the GT library supports metadata defined in opensal and xacml,
as much as possible. Rachana will check how the GT lib behaves when encountering
multiple subjects: for now the behavior will not be changed, since there are
no concrete use cases for multiple <subjects> and people can create contexts
with multiple subjects by accessing the low level XACML APIs.
Rachana will add an API to the GT utility lib to add multiple attributes.

Yuri and Hakon will work with CNAF to test the lib with GPBox. They are waiting
for a fix of the GT lib on attribute types, before being able to work. Rachana
will try to provide the fix on Fri. At the end of the tests, Yuri and CNAF will
provide real examples of XACML policies and of obligations for our use cases.

- Schema of the user attributes
These are the attributes sent from the PEP to the PDP. We will put them in subject.
We agreed to having the attribute "primary_fqan" for the primary fqan AND the
attribute "fqan" for all secondary fqans. Eventually, we may deprecate
"primary_fqan" and use "fqan" for all the attributes.

Authorization Interoperability held on 30 Oct 2007
