Fermilab Computing Division

CS Document 2603-v1

Authorization Interoperability Meeting on Feb 07, 2008 - Minutes

Submitted by:
Gabriele Garzoglio
Updated by:
Gabriele Garzoglio
Document Created:
08 Feb 2008, 16:29
Contents Revised:
08 Feb 2008, 16:29
Metadata Revised:
08 Feb 2008, 16:29
Viewable by:
  • Public document

- Discussing namespaces: Yuri will investigate whether we should use IETF, OGF, or XACML namespaces.
- Discussing comments on the interoperability profile document. Addressed several specific points. Of particular relevance:
-- We will keep mapping obligations separate, as opposed to 1 obligation with multiple attributes. This approach simplifies the maintenance of the obligations.
-- We will keep the indication that an obligation depends on another obligation: this is a constraint on the implementation of the obligation handler, rather than a constraint in the protocol.
-- The XACML issuer is the validator of the namespace (it validates the chain that certifies that the DN is authentic). This has a different meaning than the X509 issuer (the entity that signed the X509 cert, i.e. the entity that certifies that the DN binds to the private key). We will keep the X509 issuer as a separate attribute of the subject XACML context.
Associated with Events:
Authorization Interoperability held on 07 Feb 2008