
security-services message



Subject: RE: XACML Proposal


If anything, I think you would see the ultimate work of SAML accelerated
through the creation of an XACML TC. 

In terms of timing I am proposing the first face-to-face for XML One in
Chicago the beginning of May. I would expect a 6-9 month turnaround for a
standard and perhaps even a reference implementation since several folks
already have prototypes of XACML types of things (XACL and XML-AC).

From one perspective XACML is about the expression of policies within what
is being referred to as a PDP by SAML. The best way to get a sense of this
is to take a look at:

http://www.trl.ibm.com/projects/xml/doccont/xacl_e.htm

and

http://131.175.16.43:8090/XML-AC/doc/misc/readme.html

The creators of both the above desire to create a separate XACML TC so that
these issues can get the standards attention they need. I'll let them speak
for themselves with respect to how strongly they desire a separate TC.

I think it is safe to say that the XACML group's primary concern is the
expressiveness and power of policy representation. 

Most existing policy mechanisms are insufficiently powerful and flexible for
today's distributed, dynamic, mobile business and technical environment.
Thus, policy representation has been scattered across operating system
security measures, database security measures, firewalls, and applications
in a variety of different formats. This makes things very hard to manage and
thus insecure. It also means that policies are frequently out of sync with
their business drivers. There are some commercial and academic endeavors
underway to address this issue.


Simon Y. Blackwell 
CTO 
Psoom, Inc. 
Voice & Fax: 415-762-9787 



-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
Sent: Thursday, March 29, 2001 1:04 AM
To: Simon Y. Blackwell
Cc: Security-Services (E-mail); 'Xacml-Discuss (E-mail)
Subject: Re: XACML Proposal



Simon,

What is the expected timing and how does that relate to the on-going
SAML work? As usual, I don't care too much about the organisational 
issues, but do not want to see SAML held-up or side-tracked at any 
point because of SAML/XACML incompatibility or dependencies.

Can you clarify the intended timing?

Stephen.

> "Simon Y. Blackwell" wrote:
> 
> After some preliminary discussion with Eve L. Maler I am posting this ballot to the Security
> Services list. Members of the XACML discussion list need not respond since they have already
> responded to an internal ballot. The results of the internal ballot so far are 10 in favor of the
> submission as written, 1 with an inconsequential change that is reflected below. 8 people favor a
> separate TC, 2 prefer a subcommittee, and 1 has no preference.
> 
> The XACML discussion list is about to propose formation of a TC to OASIS. Per previous agreement
> by the XACML list organizers with the members of Security Services TC the Security Services list
> is being informed beforehand in order to help determine if the proposed activity should properly
> be a sub-group within Security Services. Please reply to the poster of this e-mail with your
> comments by April 1st so that it can be discussed on the April 3rd teleconference.
> 
> [ ] Agree with the proposal as written for submission to OASIS for TC formation
> 
> [ ] Agree with the proposal with minor or inconsequential changes as noted prior to submission to
> OASIS for TC formation
> 
> [ ] Agree with the proposal as written for creation of a subcommittee within Security Services
> 
> [ ] Agree with the proposal with minor or inconsequential changes for creation of a subcommittee
> within Security Services
> 
> [ ] Proposal should not be submitted and work should be suspended
> 
> [ ] More extensive discussion is required prior to a decision
> 
> [ ] Please make me a member of the TC or subcommittee mailing list if one is formed.
> 
> Name of TC: XACML
> 
> Statement of purpose: The purpose of the XACML TC is to define a core schema and corresponding
> namespace for the expression of authorization policies in XML against objects that themselves are
> identified in XML. The schema will be capable of representing the functionality of most policy
> representation mechanisms available at the time of adoption. It is also intended that the schema
> be extensible in order to address that functionality not included, custom application
> requirements, or features not yet envisioned. Issues to be addressed include, but are not limited
> to: fine grained control, the nature of the requestor, the protocol over which the request is
> made, content introspection, the types of activities authorized. The group intends to work closely
> with security services (SAML) to ensure work is not duplicated and adoption is as simple as
> possible.
> 
> List of deliverables: statement of scope (what's in and what's out), glossary, bibliography
> (including references to other XML initiatives, e.g. SAML), joint statement with SAML about the
> intersections of work, use cases, detailed requirements, proposed standard, model examples for
> "native" and non-native XML targets of control, reference implementation executables.
> 
> Simon Y. Blackwell
> CTO
> Psoom, Inc.
> Voice & Fax: 415-762-9787
> 
> 

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com



