Bug 3528

Summary:	Action Operation Namespace in SAML Authorization Callout
Product:	Java WS Security	Reporter:	David Del Vecchio <ddelvecc@virginia.edu>
Component:	Authorization	Assignee:	Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Status:	RESOLVED FIXED
Severity:	minor	CC:	meder@mcs.anl.gov
Priority:	P3
Version:	4.0.0
Target Milestone:	---
Hardware:	PC
OS:	All

Description From David Del Vecchio 2005-06-28 11:49:47

When the SAML authz callout makes an authorization request it includes an
Action
element consisting of both a Namespace attribute and a text string. For
operation invocations, the OGSA Authz Service spec defines the proper action
Namespace as:
http://www.gridforum.org/namespaces/2003/06/ogsa-authz/saml/action/operation

but the SAML authz callout currently uses:
http://www.gridforum.org/namespaces/2003/06/ogsa-authorization/saml/action/operation

The class
org.globus.wsrf.impl.security.authorization.SAMLAuthorizationConstants
seems to contain the offending string constant.

------- Comment #1 From Rachana Ananthakrishnan 2005-07-18 14:55:25 -------

Fixed in trunk and 4.0 branch.