Description
XACML Profile for SAML 2.0, Working Draft 03.
It includes
the specification and two schema: one extending the SAML 2.0
Assertion schema and the other extending the SAML 2.0 Protocol
schema.
This profile specifies:
o Use of existing SAML AttributeQuery and AttributeStatement to
request, store, and convert SAML Attributes to XACML
Attributes.
o New SAML extensions XACMLAuthzDecisionQuery and
XACMLAuthzDecisionStatement for requesting, responding with,
and storing an XACML Authorization Decision.
o New SAML extensions XACMLPolicyQuery and XACMLPolicyStatement
for requesting, responding with, and storing XACML Policy or
PolicySet instances.
The only changes made between Draft 02 and Draft 03 were minor
edits and the changes needed to make the Profile conform to the
current SAML 2.0 specification and schemas. The extensions were
much easier to do this time! I also changed
XACMLAuthorizationDecisionQuery/Statement to
XACMLAuthzDecisionQuery/Statement, since SAML changed their
corresponding names.