[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [regrep] XACML and Access Control Policy
I'm for a "meta model", represented in the spec as a required "Access Policy Module", with a non normative XACML binding. -Matt On Wednesday, January 8, 2003, at 12:37 PM, Damodaran, Suresh wrote: > Here is a thought that we may need to confront sooner or later. > XACML is not free of IP claims [1,2]. Since we don't want reg-rep v3.0 > to be encumbered by IP claims, one option we have is the following: > > 1. Make a meta model and then bind XACML to it. This should leave the > option > of making other > bindings as well. I don't claim I know exactly how to do this as yet, > but that is something we would need to figure out together. > > The second option is to forget about the metamodel and let the burden > fall > on > the implementers. > > Any other thoughts or other options? > > In any case, it looks prudent to cleanly identify and compartmentalize > the spec portions that deal with XACML and Custom Access Control. > > Regards, > > -Suresh > Sterling Commerce (on loan to RosettaNet) > [1] http://www.oasis-open.org/committees/xacml/ibm_ipr_statement.shtml > [2] http://www.oasis-open.org/committees/xacml/cg_ipr_statement.shtml > > > > -----Original Message----- > From: Farrukh Najmi [mailto:farrukh.najmi@sun.com] > Sent: Tuesday, January 07, 2003 8:03 PM > To: Breininger, Kathryn R > Cc: Matthew MacKenzie; Damodaran, Suresh; regrep@lists.oasis-open.org > Subject: Re: [regrep] XACML and Access Control Policy > > > I believe that proposed changes for custom ACP are largely orthogonal > to > the the set of changes proposed to be reviewed this Thursday. The only > overlap in in the security chapters of RS and RIM where the changes for > 2.33 were fairly minor. We could defer these chapters review until we > finish the Custom ACP task. > > -- > Regards, > Farrukh > > > > Breininger, Kathryn R wrote: > >> Sounds like this should be the first agenda item. Do you anticipate >> other > sections of the specs changing as a result? If the second agenda item > is > reviewing the current changes, are there sections that will be > affected by > this proposal that we should skip in our spec review? >> >> >> On Monday, Jan 6, 2003, at 17:03 America/Vancouver, Farrukh Najmi >> wrote: >> >> >> >>> Suresh, >>> >>> XACML based custom access control policy was planned for V3 and is in >>> fact the only task that was planned for V3 that we have not addressed >>> for V3. The task was dropped for two reasons: >>> >>> -XACML was a moving target >>> >>> -We had no one signed up for the task >>> >>> Given that XACML is now a month away from becoming the next OASIS >>> approved standard ( I believe it will get approved) and given that >>> you >>> are offering to take ownership of the, I completely agree with your >>> suggestion that we should do it for V3. >>> >>> My experience with several strategic ebXML Registry pilots using the >>> ebxmlrr project has shown that this is a *MUST* feature for V3. In >>> fact the ebxmlrr project has been implementing XACML based custom ACP >>> as a implementation specific feature already. The experience further >>> suggests that XACML is ready for building our specs on top of and >>> that >>> we *SHOULD* do custom ACP for V3 based on XACML. >>> >>> I believe we could accommodate the increase in scope with about 1 >>> month slip to our V3 schedule. I think that the benefit of having >>> this >>> strategic feature far outweighs the cost of the delay to V3 schedule. >>> >>> I would be very willing to help you with this task. Maybe Sanjay >>> could >>> help as well (Sanjay?) and we could get our security sub-team charged >>> up for V3. >>> >>> Kathryn, I propose we add this issue to this week's TC con-call. >>> >>> -- >>> Regards, >>> Farrukh >>> >>> >>> >>> Damodaran, Suresh wrote: >>> >>> >>> >>>> Hi all, >>>> >>>> It would be great to have XACML based custom access control policy >>>> for V3. Is this something we are considering for V3? >>>> >>>> I may even volunteer sometime:-) >>>> >>>> Best regards, >>>> >>>> -Suresh >>>> Sterling Commerce (on loan to RosettaNet) >>>> >>>> >>>> > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC