8 Replies Latest reply on Jun 28, 2010 10:50 AM by Anil Saldanha

    PicketLink STS to send XACML Authorization Decisions

    Anil Saldanha Master

      In PicketLink, we have demonstrated the return of XACML Authorization Decisions along with the authentication details back as SAML Assertions from the Identity Provider as part of SAML Web Browser based SSO.


      We need to extend this concept to the PicketLink STS, which will return authz statements as part of the SAML tokens, if configured.


      Now the clients talking to the STS requiring the authz decisions will typically be enforcement points (PEP) in applications.


      • What needs to be thought out is what the request would look like.
      • Maybe we need to enhance the WSTrustClient API a bit to request authorization decisions also.