Subject: RE: XACML Proposal
If anything, I think you would see the ultimate work of SAML accelerated through the creation of an XACML TC.

In terms of timing I am proposing the first face-to-face for XML One in Chicago the beginning of May. I would expect a 6-9 month turnaround for a standard and perhaps even a reference implementation since several folks already have prototypes of XACML types of things (XACL and XML-AC).

From one perspective XACML is about the expression of policies within what is being referred to as a PDP by SAML. The best way to get a sense of this is to take a look at:

http://www.trl.ibm.com/projects/xml/doccont/xacl_e.htm

and

http://131.175.16.43:8090/XML-AC/doc/misc/readme.html

The creators of both the above desire to create a separate XACML TC so that these issues can get the standards attention they need. I'll let them speak for themselves with respect to how strongly they desire a separate TC.

I think it is safe to say that the XACML group's primary concern is the expressiveness and power of policy representation. Most existing policy mechanisms are insufficiently powerful and flexible for today's distributed, dynamic, mobile business and technical environment. Thus, policy representation has been scattered across operating system security measures, database security measures, firewalls, and applications in a variety of different formats. This makes things very hard to manage and thus insecure. It also means that policies are frequently out of sync with their business drivers. There are some commercial and academic endeavors underway to address this issue.

Simon Y. Blackwell
CTO
Psoom, Inc.
Voice & Fax: 415-762-9787

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
Sent: Thursday, March 29, 2001 1:04 AM
To: Simon Y. Blackwell
Cc: Security-Services (E-mail); 'Xacml-Discuss (E-mail)
Subject: Re: XACML Proposal

Simon,

What is the expected timing and how does that relate to the on-going SAML work?
As usual, I don't care too much about the organisational issues, but do not want to see SAML held-up or side-tracked at any point because of SAML/XACML incompatibility or dependencies. Can you clarify the intended timing?

Stephen.

> "Simon Y. Blackwell" wrote:
>
> After some preliminary discussion with Eve L. Maler I am posting this ballot to the Security
> Services list. Members of the XACML discussion list need not respond since they have already
> responded to an internal ballot. The results of the internal ballot so far are 10 in favor of the
> submission as written, 1 with an inconsequential change that is reflected below. 8 people favor a
> separate TC, 2 prefer a subcommittee, and 1 has no preference.
>
> The XACML discussion list is about to propose formation of a TC to OASIS. Per previous agreement
> by the XACML list organizers with the members of Security Services TC the Security Services list
> is being informed beforehand in order to help determine if the proposed activity should properly
> be a sub-group within Security Services. Please reply to the poster of this e-mail with your
> comments by April 1st so that it can be discussed on the April 3rd teleconference.
>
> [ ] Agree with the proposal as written for submission to OASIS for TC formation
>
> [ ] Agree with the proposal with minor or inconsequential changes as noted prior to submission to
> OASIS for TC formation
>
> [ ] Agree with the proposal as written for creation of a subcommittee within Security Services
>
> [ ] Agree with the proposal with minor or inconsequential changes for creation of a subcommittee
> within Security Services
>
> [ ] Proposal should not be submitted and work should be suspended
>
> [ ] More extensive discussion is required prior to a decision
>
> [ ] Please make me a member of the TC or subcommittee mailing list if one is formed.
>
> Name of TC: XACML
>
> Statement of purpose: The purpose of the XACML TC is to define a core schema and corresponding
> namespace for the expression of authorization policies in XML against objects that themselves are
> identified in XML. The schema will be capable of representing the functionality of most policy
> representation mechanisms available at the time of adoption. It is also intended that the schema
> be extensible in order to address that functionality not included, custom application
> requirements, or features not yet envisioned. Issues to be addressed include, but are not limited
> to: fine grained control, the nature of the requestor, the protocol over which the request is
> made, content introspection, the types of activities authorized. The group intends to work closely
> with security services (SAML) to ensure work is not duplicated and adoption is as simple as
> possible.
>
> List of deliverables: statement of scope (what's in and what's out), glossary, bibliography
> (including references to other XML initiatives, e.g. SAML), joint statement with SAML about the
> intersections of work, use cases, detailed requirements, proposed standard, model examples for
> "native" and non-native XML targets of control, reference implementation executables.
>
> Simon Y. Blackwell
> CTO
> Psoom, Inc.
> Voice & Fax: 415-762-9787
>
>

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,       fax: +353 1 881 7000
Dublin 8.                 mailto:stephen.farrell@baltimore.ie
Ireland                   http://www.baltimore.com