OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] "Successfully Using XACML"...


Title: "Successfully Using XACML"...
By "policy creation component" do you mean the ability to generate and export XACML policy for export for use by other applications? Or does the compliant application have to support an XACML natively and have an XACML editor?  
 
James MacLean
 
 
-----Original Message-----
From: Carlisle Adams [mailto:carlisle.adams@entrust.com]
Sent: December 11, 2001 1:37 PM
To: 'xacml@lists.oasis-open.org'
Subject: [xacml] "Successfully Using XACML"...

Hi all,

I had a pending action item to propose a definition for the phrase "successfully using the XACML specification".  As you may recall, we as a TC need to come to consensus on the meaning of this so that when we submit our spec to OASIS for progression, at least three of our members can put their hands on their hearts and claim to OASIS that they are "successfully using the specification".

My proposal is included below.  I welcome comments on the list; eventually (sooner rather than later!) we need to agree on a definition so that the implementers among us know what to build...

Carlisle.


8<------------------------------------

A set of test cases (each test case consisting of a specific XACML policy instance, along with all relevant inputs to the policy decision and the corresponding PDP output decision) will be devised and included on the XACML Web site.

In order to be "successfully using the XACML specification", an implementation MUST, for each test case, have a "policy evaluation component" that can consume the policy instance and the inputs and produce the specified output.  Furthermore, the implementation MUST have a "policy creation component" which allows it to produce schema-valid XACML policy instances.

Note that, aside from the XACML policy instance itself, all PDP inputs and outputs MUST be SAML-compliant (i.e., conform with the assertions and protocol messages defined in the SS-TC SAML specification), although other syntaxes/formats for the PDP input and output MAY be supported in addition to this.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC