<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
FYI...<div><br></div><div><div> <div>Phil Hunt</div><div>Oracle</div><br class="Apple-interchange-newline"> </div><div><br><div>Begin forwarded message:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>From: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica">Anthony Nadalin <<a href="mailto:drsecure@us.ibm.com">drsecure@us.ibm.com</a>></font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>Date: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica">November 30, 2007 1:15:58 PM PST (CA)</font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>To: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica">"Higgins \(Trust Framework\) Project developer discussions" <<a href="mailto:higgins-dev@eclipse.org">higgins-dev@eclipse.org</a>></font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>Cc: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><a href="mailto:higgins-dev-bounces@eclipse.org">higgins-dev-bounces@eclipse.org</a>, <a href="mailto:igf-dev@lists.openliberty.org">igf-dev@lists.openliberty.org</a>, "Higgins \(Trust Framework\) Project developer discussions" <<a 
href="mailto:higgins-dev@eclipse.org">higgins-dev@eclipse.org</a>></font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>Subject: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><b>Re: [higgins-dev] Notes from a teleconf meeting wrt IGF</b></font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><font face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><b>Reply-To: </b></font><font face="Helvetica" size="3" style="font: 12.0px Helvetica">"Higgins \(Trust Framework\) Project developer discussions" <<a href="mailto:higgins-dev@eclipse.org">higgins-dev@eclipse.org</a>></font></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><br></div> <p>Phil, this document is, as you point out, partial, as it was taken from a much larger scope document (IDEMIX) that we have and was specifically scoped to the RP, but the overall document and concept behind IDEMIX is not just RP. The policy aspects cover all parties involved, IdP, Identity Agents and RP, and it is not limited to WS-Federation; we use the WS-Policy constructs since that is a standards-based policy framework. 
We also wanted to fit with the Claims framework to be able to expand upon beyond what Cardspace has done, yet be compatible<br> <br> In our analyses the "AAPML" spec is a bit like EPAL profile in XACML and "CARML" spec is like a token request specification, </p> <br> <br> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122<br> <br> <font color="#424282">Phil Hunt ---11/30/2007 02:38:33 PM---Thanks for the link.</font><br> <br> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tbody><tr valign="top"><td width="1%"><br> <font size="2" color="#5F5F5F">From:</font></td><td width="100%"><br> <font size="2">Phil Hunt <<a href="mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a>></font></td></tr> <tr valign="top"><td width="1%"><br> <font size="2" color="#5F5F5F">To:</font></td><td width="100%"><br> <font size="2">"Higgins (Trust Framework) Project developer discussions" <<a href="mailto:higgins-dev@eclipse.org">higgins-dev@eclipse.org</a>></font></td></tr> <tr valign="top"><td width="1%"><br> <font size="2" color="#5F5F5F">Cc:</font></td><td width="100%" valign="middle"><br> <font size="2"><a href="mailto:igf-dev@lists.openliberty.org">igf-dev@lists.openliberty.org</a></font></td></tr> <tr valign="top"><td width="1%"><br> <font size="2" color="#5F5F5F">Date:</font></td><td width="100%"><br> <font size="2">11/30/2007 02:38 PM</font></td></tr> <tr valign="top"><td width="1%"><img 
src="cid:38CA0D87-3613-4904-9F4E-D68FBC20FC69@local"><br> <font size="2" color="#5F5F5F">Subject:</font></td><td width="100%"><br> <font size="2">Re: [higgins-dev] Notes from a teleconf meeting wrt IGF</font></td></tr> </tbody></table> <hr width="100%" size="2" align="left" noshade="" style="color:#8091A5; "><br> <br> <br> <font size="4">Thanks for the link.</font><br> <br> <font size="4">The document referenced (Relying Party Security Policy) is definitely important. But at this stage it seems preliminary since it implies only a single protocol scenario. [aside...the ontology links are broken] By this I mean, we need to take that document and further expand on it.</font><br> <br> <font size="4">The major component of policy referred to in Relying Party Security Policy document is what I would call relying party web policy. It describes only what information is needed to be transferred and how it is to be transferred (i.e. WS-SecurityPolicy). IGF doesn't conflict with what already exists in WS-SecurityPolicy, but rather adds more context and more information. </font><br> <br> <font size="4">IGF answers more of the following issues:</font><br> <font size="4">* How do attribute authorities (e.g. Identity Providers) that hold information decide to accept and release information? </font><br> <font size="4">* Consent can raise transactional conditions that must be accounted for. E.g. two partners might agree on how to generally share information enabling a general flow. However, user-consent may indicate special conditions (e.g. suppression or filtering of specific claims, denial of claims, or special conditions such as "do not propagate").</font><br> <font size="4">* Context - there is a greater need in fine-grained authorization to fully define the context under which information is released. 
This means being able to transmit both the credentials of the application, the end-user involved, and potentially a transaction name and purpose (e.g. legal context).</font><br> <font size="4">* From a consuming application perspective (relying party), WS-SecPol describes attributes and how they are to be delivered. It does not document the application's intended use of data. CARML provides additional meta data that gives the Attribute Authority more context to approve the release of information. CARML and WS-SecPol definitely have a relationship and should support each other. The nature of that relationship needs to be defined more clearly.</font><br> <br> <a href="http://wiki.eclipse.org/Relying_Party_Security_Policy"><u><font size="4" color="#0000EB">http://wiki.eclipse.org/Relying_Party_Security_Policy</font></u></a><font size="4"> is a good early document and useful for discussion within the Higgins framework and within IGF. It represents the case where IGF is applied in a WS-Fed scenario. I'd be happy to reference this material from the openLiberty site if you like. 
I think it is important that we support and build on these ideas.</font><br> <br> <font size="2">Phil Hunt</font><br> <font size="2">Oracle</font><br> <br> <br> <font size="4">On 29-Nov-07, at 6:25 PM, Anthony Nadalin wrote:</font><br> <ul> <ul><font size="4">Here is the general policy language description that drives the enhanced privacy support in Higgins </font><a href="http://wiki.eclipse.org/Relying_Party_Security_Policy"><u><font size="4" color="#0000FF">http://wiki.eclipse.org/Relying_Party_Security_Policy</font></u></a><font size="4">.<br> <br> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122<br> <br> </font><font size="4" color="#424282">Phil Hunt ---11/28/2007 03:41:08 PM---Tony...what are you referring to exactly?</font><font size="4"><br> </font> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tbody><tr valign="top"><td width="15%"><font color="#5F5F5F"><br> From:</font></td><td width="85%"><br> Phil Hunt <<a href="mailto:phil.hunt@oracle.com"><u><font color="#0000FF">phil.hunt@oracle.com</font></u></a>></td></tr> <tr valign="top"><td width="15%"><font color="#5F5F5F"><br> To:</font></td><td width="85%"><br> "Higgins (Trust Framework) Project developer discussions" <<a href="mailto:higgins-dev@eclipse.org"><u><font color="#0000FF">higgins-dev@eclipse.org</font></u></a>></td></tr> <tr valign="top"><td width="15%"><font color="#5F5F5F"><br> Cc:</font></td><td width="85%" valign="middle"><u><font color="#0000FF"><br> </font></u><a href="mailto:higgins-dev-bounces@eclipse.org"><u><font color="#0000FF">higgins-dev-bounces@eclipse.org</font></u></a></td></tr> <tr valign="top"><td width="15%"><font color="#5F5F5F"><br> Date:</font></td><td width="85%"><font 
size="4"></font><br> 11/28/2007 03:41 PM</td></tr> <tr valign="top"><td width="15%"><font color="#5F5F5F"><br> Subject:</font></td><td width="85%"><br> Re: [higgins-dev] Notes from a teleconf meeting wrt IGF</td></tr> </tbody></table> <hr width="100%" size="2" align="left" noshade=""><font size="4"><br> <br> </font><font size="5"><br> Tony...what are you referring to exactly?</font><font size="4"><br> </font><font face="Arial"><br> Phil Hunt<br> Oracle</font><font size="4"><br> <br> </font><font size="5"><br> On 28-Nov-07, at 1:00 PM, Anthony Nadalin wrote:</font> <ul> <ul> <ul> <ul><font size="5">Not seeing any value with IGF, we already have claims and policy that can express what IGF is supposed to be able to express, so maybe the IGF folks can just pick up what has been done with defining the claims.<br> <br> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122<br> <br> </font><font size="5" color="#424282">"Jim Sermersheim" ---11/28/2007 02:45:24 PM---To try and push ahead on fleshing out what it would take to consume Higgins by the IGF, or implement parts of it in Higgins, we</font> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tbody><tr valign="top"><td width="25%"><font size="4" color="#5F5F5F"><br> From:</font></td><td width="75%"><font size="4"><br> "Jim Sermersheim" <</font><a href="mailto:jimse@novell.com"><u><font size="4" color="#0000FF">jimse@novell.com</font></u></a><font size="4">></font></td></tr> <tr valign="top"><td width="25%"><font size="4" color="#5F5F5F"><br> To:</font></td><td width="75%"><font size="4"><br> <</font><a href="mailto:higgins-dev@eclipse.org"><u><font size="4" color="#0000FF">higgins-dev@eclipse.org</font></u></a><font size="4">></font></td></tr> <tr valign="top"><td 
width="25%"><font size="4" color="#5F5F5F"><br> Date:</font></td><td width="75%"><font size="4"><br> 11/28/2007 02:45 PM</font></td></tr> <tr valign="top"><td width="25%"><font size="4" color="#5F5F5F"><br> Subject:</font></td><td width="75%"><font size="4"><br> [higgins-dev] Notes from a teleconf meeting wrt IGF</font></td></tr> </tbody></table> <hr width="100%" size="2" align="left" noshade=""><font size="5"><br> <br> <br> To try and push ahead on fleshing out what it would take to consume Higgins by the IGF, or implement parts of it in Higgins, we had a chat on the phone with Phil Hunt. Primarily, the call was geared toward sharing descriptions of architecture (understanding how IdAS works and understanding the IGF architecture).</font><font size="6"> </font><font size="5"><br> <br> I put notes here </font><a href="http://wiki.eclipse.org/20071128_IGF_teleconf_notes"><i><u><font size="5" color="#0000FF">http://wiki.eclipse.org/20071128_IGF_teleconf_notes</font></u></i></a><font size="6"> </font><font size="5"><br> which are pointed at from here </font><a href="http://wiki.eclipse.org/IGF_Integration"><i><u><font size="5" color="#0000FF">http://wiki.eclipse.org/IGF_Integration</font></u></i></a><font size="6"> </font><font size="5"><br> which is pointed at from here </font><a href="http://wiki.eclipse.org/Identity_Attribute_Service"><i><u><font size="5" color="#0000FF">http://wiki.eclipse.org/Identity_Attribute_Service</font></u></i></a><font size="6"> </font><p><font size="5"><br> I'll start a new thread (continuing an old one) on IdAS API extensibility, which was one of the work items that came from the call.</font><font size="6"> </font> </p><p><font size="5"><br> Jim</font><font size="6"> </font><tt><font size="5">_______________________________________________<br> higgins-dev mailing list</font></tt><u><font size="4" 
color="#0000FF"><br> </font></u><a href="mailto:higgins-dev@eclipse.org"><tt><u><font size="5" color="#0000FF">higgins-dev@eclipse.org</font></u></tt></a><u><font size="4" color="#0000FF"><br> </font></u><a href="https://dev.eclipse.org/mailman/listinfo/higgins-dev"><tt><u><font size="5" color="#0000FF">https://dev.eclipse.org/mailman/listinfo/higgins-dev</font></u></tt></a></p></ul> </ul> </ul> </ul> </ul> </ul> </blockquote></div><br></div></body></html>