Subject: Possible clarification on XACML interop test
I listened in to a Burton Group "telebriefing" this morning on Web Access Management, and the analyst, Mark Diodati, referred to the XACML interop event Burton is interested in sponsoring at the next Catalyst conference. The analyst did not shed much light on what Burton (and its customers) really want, but the emphasis seemed to be on support for XACML's Request/Response formats rather than on support for XACML policies.

In order to test interoperability of products with XACML Request/Response formats, two things need to be tested. First is whether the product supports XACML's Request/Response formats at all (Diodati did not distinguish between raw Request/Response versus encapsulation using the SAML profile). The second is whether the XACML Request/Response format can convey the information required to evaluate existing WAM policies, whether those policies are XACML policies or some other existing format. This seemed to be the analyst's primary concern.

Designing an XACML policy interoperability test requires testing the various XACML policy capabilities. Products that translate XACML policies into their native policy format may be able to translate some XACML policy functionality but not all. Even products that use XACML as their native format may not support all features. This type of test would need to be something like our Conformance tests, to see exactly which features various products can handle, either directly or by translation.

I think the problem of Attribute retrieval could be finessed by specifying that all Attributes required to evaluate the policies are supplied in the Request.

Regards,
Anne
--
Anne H. Anderson Anne.Anderson@sun.com
Sun Microsystems Labs 1-781-442-0928
Burlington, MA USA