Bug 5707 – Campaign: Improve C XACML/SAML Engine

Bug 5707 - Campaign: Improve C XACML/SAML Engine

Summary:

Campaign: Improve C XACML/SAML Engine

Status:	ASSIGNED

Product:	GSI C
Component:	Authorization
Version:	development
Platform:	Macintosh All

Importance:	P3 enhancement
Target Milestone:	---
Assigned To:	Joe Bester

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-12-06 15:54 by Joe Bester
Modified:	2008-09-06 09:03 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Joe Bester 2007-12-06 15:54:47

Definition:

In the campaign "XACML Authorization Service Interface" (bug #5102) we 
created an initial alpha version of an XACML/SAML authorization service
and client. In this campaign, we address some of the limitations of the
implementation based on the feedback from the initial alpha user community.

Benefits:

This interface provides an authorization service interface that allows
for processing attributes as a part of the request context and
obligations as a part of the response decision.

Tasks:

- Improve I/O interface to have more flexibility to better support SSL.
- Simplify obligation generation for servers
- Add documentation for the client and server APIs
- Add tests for the client and server APIs
- Fix bugs as they are discovered

Resources:
8 days

------- Comment #1 From Joe Bester 2007-12-07 15:55:08 -------

Another bit of feedback is to implement the SOAP profile for XACML-SAML. This
profile is located at http://switch.ch/grid/support/documents/xacmlsaml.pdf

------- Comment #2 From Joe Bester 2008-01-11 11:32:31 -------

The changes in the campaign definition have been committed to the campaign_5707
branch of gsi/xacml.

A new alpha release is now linked off of
http://www-unix.mcs.anl.gov/~bester/xacml/