Common SAML attribute profile phone meeting 09.28.2010

Attendees: Andrea Ceccanti, Aleksander Konstantinov, Valery Tschopp,Krzysztof Benedyczak, Ali Gholami

Short report

Characterisation of SAML usage in existing middleware

No production use of SAML for gLite and ARC.
SAML assertions used in UNICORE to carry VO membership attributes that are used for authorization purposes.

Common SAML attribute profile

Chemomentum VO SAML profile is a good starting point but:

Attribute value syntax quite complex, maybe we can come up with something simpler.
Does not cover the concept of primary attribute (crucial for existing infrastructure)

Requirements

Simple mapping of SAML to XACML attributes conforming to the XACML attribute profile rules defined in section 8.5 of SAML profiles document and SAML 2.0 profile of XACML 2.0.
Definition of scoped attribute values (roles scoped in groups, voms-ga scoped in voms-fqans etc...)
Definition of VO membership attribute
Definition of VO group membership attribute
Definition of VO role posession attribute
Support for VOMS fqans (bag of fqans + primary fqan)
Support for VOMS generic attributes

Starting from this requirements here is the link to a strawman proposal on which we can base further discussions:

Common profile strawman proposal

-- AndreaCeccanti - 28-Sep-2010

Attachments

Topic attachments
I	Attachment	History	Action	Size	Date	Who	Comment
odt	VO-SAML-profile-C9mAndOMII.odt	r1	manage	54.6 K	2010-10-12 - 15:50	UnknownUser	Chemomentum VO SAML profile

Topic revision: r4 - 2010-10-12 - unknown

Public webs

- Cern Search
- TWiki Search
- Google Search
EMI All webs

Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback