Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-08-05

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:25 aldaris joined #openam
05:00 ramteid joined #openam
05:53 pfreixes joined #openam
06:02 hos001 joined #openam
07:07 sikor_sxe joined #openam
08:17 aldaris joined #openam
08:42 aldaris joined #openam
08:42 khushildep joined #openam
08:55 hos001_ joined #openam
09:34 aldaris joined #openam
10:05 aldaris joined #openam
10:26 kala joined #openam
10:27 kala hello. morning. OpenAM can do XACML, right. What kind of attribute sources the PDP can use? Only those attributes which are available from the data store and from the session?
10:28 asyd morning
10:56 hos001_ kala: which attribute sources do you expect?
11:14 aldaris1 joined #openam
11:14 hos001___ joined #openam
11:17 hos001_ joined #openam
11:40 kala hos001_: it seems that axiomatics offers SQL, for example
11:49 hos001_ XACML support is not very strong in OpenAM
11:50 hos001_ Do you mean SAML XACML profile or just plain "entitlements"?
11:58 asyd time to workon openidm
11:59 aldaris joined #openam
13:15 Hunger- joined #openam
13:15 reflectivedev joined #openam
13:31 ibenox joined #openam
13:35 kala hos001_: I'm still starting with this thing ... I don't know what is SAML XACML profile. SAML is used for transporting policy decisions?
13:37 hos001_ yes.  http://docs.oasis-open.org/xacml/2.0/access​_control-xacml-2.0-saml-profile-spec-os.pdf
13:48 kala ok. and "plain entitlements" are what? I figured that everything is XACML internally for OpenAM?
13:49 kala http://openam.forgerock.org/openam-doc​umentation/openam-doc-source/doc/dev-g​uide/index/chap-policy-decisions.html vs http://openam.forgerock.org/openam​-documentation/openam-doc-source/d​oc/dev-guide/index/chap-xacml.html ?
13:51 eivind joined #openam
13:53 hos001_ with plain entitlements I mean simply querying the policy service via SDK or REST
13:55 asyd pff openidm is not easy
13:55 aldaris identity management is never easy
13:56 kala hos001_: ok ... the difference is that with SAML profile, one can send the attribute values with the request as well?
13:56 asyd yeah sure
13:57 aldaris kala, hos001_ XACML doesn't really work in OpenAM
13:57 asyd i imported successfully a user from ldap, create another user from openidm ui, create a new policy to create users in ldap
13:57 asyd but now i have policy validation failed because username is not unique
13:58 kala aldaris: good, we looked at axiomatics already ;)
13:59 hos001_ aldaris: I am glad you are saying that ;)
13:59 aldaris I'm not
13:59 aldaris but well, that's the truth, it doesn't really work well
13:59 aldaris entitlements are fine grained enough for 99% of the cases
14:00 kala you mean the functionality is missing, or ... something is broken or ...
14:00 hos001_ yes it is really not very compatible with the standard
14:00 aldaris imho xacml is a bit of an overkill of a spec..
14:01 aldaris the main problem with the spec is that due to its complexity it has scaling issues..
14:02 aldaris kala, there is _something_, but it is not xacml3, but some random version of the spec
14:03 kala ok
14:03 aldaris and the whole point of the spec (imho) is that you have a standard that defines the policy format, but if the implemented version isn't even 3, then you just get an XML which may or may not make sense to others
14:04 sikor_sxe left #openam
14:06 awkwords joined #openam
14:08 kala aldaris: this is rather common, I would guess.
14:09 kala but yes ... in the end I would still have to deal with the problems because of non-interoperability
14:10 aldaris btw is there any product out there that actually supports SAML with XACML?
14:14 asyd strange users have differents userName in the orientdb hmm
14:52 khushildep joined #openam
14:55 ryebrye joined #openam
15:22 rghose joined #openam
16:19 aldaris joined #openam
16:24 ramteid joined #openam
17:09 aldaris joined #openam
17:46 aldaris joined #openam
18:33 aldaris joined #openam
18:35 aldaris joined #openam
20:01 pfreixes joined #openam
20:10 aldaris joined #openam
20:24 hos001_ left #openam
21:13 aldaris joined #openam
21:25 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary