OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Revised new XACML TC charter draft


Attached is a revised draft of the post-2.0-clarified XACML TC
charter.  Changes include:
 - inclusion of the original Statement of Purpose; after
   examining it, I decided none of it needed to be deleted.
 - slight rewording of Scope Item 2, last bullet: "Use of XACML
   authorization policies with web service policies".  This item
   is intended to cover how XACML authorization policies will be
   used in/with whatever the web services policy standard turns
   out to be.
 - updating the Deliverables and Completion Dates to include all
   our completed deliverables and our proposed future ones.

Comments welcome.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

Title: Proposed post-2.0 XACML TC Charter

Proposed post-2.0 XACML TC Charter

Version: 1.6
Updated: 04/09/30 (yy/mm/dd)
Editor:  Anne Anderson

The charter for this TC is as follows.

Name

eXtensible Access Control Markup Language - XACML

Statement of Purpose

The XACML Technical Committee will define a core XML schema for representing authorization and entitlement policies, also called XACML.

Policy Target

The target of a policy (hereafter referred to as "target") can be any object that can be referenced using XML.

Protocols and Bindings

The XACML Technical Committee will identify bindings to existing protocols (e.g., XPath, LDAP), and define new protocols, if necessary, as means of accessing and communicating the policies.

Scope

XACML is expected to address fine grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection (i.e. authorization based on both the requestor and potentially attribute values within the target where the values of the attributes may not be known to the policy writer). XACML is also expected to suggest a policy authorization model to guide implementers of the authorization mechanism.

Extensibility

XACML core schema is extensible for as yet unknown features.

Interoperability

The XACML Technical Committee will define interoperability of XACML core schema with other standards. To ensure work is not duplicated and standards adoption is as simple as possible, XACML shall adopt as baseline documents the work products of the Security Services Technical Committee including but not limited to a Domain Model and Glossary. Furthermore, Use Cases and Requirements documents will share content that is common through normative references. The XACML TC shall keep its work consistent with the work of the Security Services TC by requesting enhancements to, modifications of, and cross-references from Security Services TC documents through a formal liaison with the Security Services TC. This liaison will include the regular sharing of deliverables and status reports during teleconferences or at face-to-face meetings.

Successfully Using the XACML Specification

XACML is an XML schema for representing authorization and entitlement policies. However, it is important to note that a compliant Policy Decision Point (PDP) may choose an entirely different representation for its internal evaluation and decision-making processes. That is, it is entirely permissible for XACML to be regarded simply as a policy interchange format, with any given implementation translating the XACML policy to its own local/native/proprietary/alternate policy language sometime prior to evaluation.

A set of test cases (each test case consisting of a specific XACML policy instance, along with all relevant inputs to the policy decision and the corresponding PDP output decision) will be devised and included on the XACML Web site. These test cases are provided to assist implementers in creating implementations that are conformant with the XACML specification.

The XACML TC adopts the OASIS definition of "successfully using" as described in its TC Process and IPR Policy documents.

The XACML specification must make it possible for an XACML PDP to be capable of accepting SAML conformant inputs and producing SAML conformant outputs.

Scope

  1. The XACML Technical Committee (TC) will define a core XML schema for specifying access control policies, and schemas for specifying authorization decision requests and responses. The core specification will describe the semantics associated with evaluation of these schemas. The initial schemas and semantics specified in XACML Versions 1.0 and 1.1 will be updated based on new experience and requirements in XACML Version 2.0.

  2. The TC will specify extension schemas or profiles, semantics, and usage models for the use of XACML in the following domains or with the following standards:

  3. The TC MAY issue new versions of the core XACML specifications if necessary to support the above profiles and extensions, or to correct serious errors found in current versions.

  4. The TC MAY issue non-normative conformance tests to aid developers and users of its specifications.

  5. The TC MAY publish non-normative XACML implementer guides and XACML tutorials related to deliverables of the TC.

Deliverables and Completion Dates

XACML 2.0 specification set:

Additional specifications and schemas:

Anticipated Audience or Users

The audience is anyone needing an XML representation of authorization decision requests, responses, policies; anyone needing to use, evaluate, or manage such policies.

Language for Conducting Business

The TC will conduct its business in English.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]