Return-Path: 
 <axis-user-return-12866-apmail-ws-axis-user-archive=ws.apache.org@ws.apache.org>
Delivered-To: apmail-ws-axis-user-archive@ws.apache.org
Received: (qmail 92020 invoked by uid 500); 16 Mar 2003 17:58:02 -0000
Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: axis-user@ws.apache.org
list-help: <mailto:axis-user-help@ws.apache.org>
list-unsubscribe: <mailto:axis-user-unsubscribe@ws.apache.org>
list-post: <mailto:axis-user@xml.apache.org>
Delivered-To: mailing list axis-user@ws.apache.org
Received: (qmail 91935 invoked from network); 16 Mar 2003 17:58:02 -0000
Message-Id: <4.3.2.7.2.20030316082849.02942aa0@franklin.cisco.com>
X-Sender: riho@franklin.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sun, 16 Mar 2003 08:38:14 -0800
To: axis-user@ws.apache.org, <axis-user@ws.apache.org>
From: Ricky Ho <riho@cisco.com>
Subject: Re: Authorization using WS security and SAML
In-Reply-To: <0F0DBEBBBDFC0D41A3E5CDDF7EAE6E1820CB4A@blr-itp-msg.wipro.c
 om>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

SAML is about specifying the XML format of your authorization decision 
outcome (authorization assertion).  It also defines a protocol how to 
request the assertion.  SAML doesn't describe how the decision should be 
made.  XACML is attempting to standardize how such decision rules should be 
specified.  So it is completely solving an orthogonal problem.

I'm not sure how important to standardize decision making rules because 
there is NO "inter-operability" requirement for that.  There is NO need to 
communicating how I made my decision to my business partners.  The value of 
XACML is "portability" of my decision criteria across multiple vendor 
products.  However, "portability" has never been a goal for any XML 
standard.  It is arguable how important XACML will be.

Best regards,
ricky

At 06:38 PM 3/16/2003 +0530, Nisha Menon wrote:
>hi,
>
>i am trying to create an authorization module for web services that is 
>independant of the application and to authorize i've chosen to use 
>WS-Security and SAML.
>would anyone on this list be familiar with similar implementation? or have 
>any references for the same?
>also, how does XACML compare to SAML?
>
>thank you,
>
>nisha
>
>**************************Disclaimer************************************
>
>Information contained in this E-MAIL being proprietary to Wipro Limited is
>'privileged' and 'confidential' and intended for use only by the individual
>  or entity to which it is addressed. You are notified that any use, copying
>or dissemination of the information contained in the E-MAIL in any manner
>whatsoever is strictly prohibited.
>
>***************************************************************************