Features for Future Versions

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Apr 5 14:10:55 UTC 2007


Les, your scenario sounds similar to what we would like to see
accomplished. Your phrase "I could have each application just write code
via some API" feels like this is an opportunity for using the OASIS
XACML specification. Most folks here are familiar with SAML, which by the
way supports an XACML profile. It seems as if folks are stuck solely on
attribute exchange, which is probably suitable for consumerish stuff, but
XACML would be better suited for B2B scenarios.

-----Original Message-----
From: Chasen, Les [mailto:les.chasen at neustar.biz] 
Sent: Monday, April 02, 2007 2:49 PM
To: Drummond Reed; Dick Hardt; McGovern, James F (HTSC, IT)
Cc: specs at openid.net
Subject: RE: Features for Future Versions

I also agree with the feedback; however, I wanted to just pass along how I
am using authentication and authorization on a series of applications
that I am working on.

I have a couple of applications that use standard openid authentication
using XRDS documents but they also require the user to be authorized to
use particular resources.  In most cases authorization can be
accomplished by profile data in a local database.  In my case, though,
the authorization comes from data in a third party database.   I could
have each application just write code via some API to the third party
data source but I also want to provide for this capability to be
federated to multiple trusted sources.  I am therefore taking advantage
of the service end point selection capability described in the XRI
resolution spec at
http://www.oasis-open.org/committees/download.php/17293.


contact: =les
sip: =les/(+phone)
chat: =les/skype/chat
 

