Re: [xacml] XACML AzApi as part of F2F agenda

["Rich.Levinson" <rich.levinson@oracle.com>]

Hi Ron,

This link contains a ref to a brief slide presentation I gave to the TC 
last summer, which provides additional context, esp in the area of 
mapping to the Java Permission and Policy model (sp. slide 6).
http://lists.oasis-open.org/archives/xacml/200907/msg00032.html

Also, the xacml home page:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#other

has a link to the ongoing open source project, OpenAz, associated with 
the AzApi, which was discussed at the Sep 10, 2009 TC meeting:
http://lists.oasis-open.org/archives/xacml/200909/msg00011.html

    Thanks,
    Rich


Prateek Mishra wrote:
> Sure, as you know we published the initial contribution to the TC in 
> July this past year:
>
> http://lists.oasis-open.org/archives/xacml/200907/msg00019.html
>
> In addition to this material, we plan to publish an addendum 
> consisting of interfaces that provide some high-level "syntactic sugar"
> and hide some details of generics and attribute structures and so on. 
> Rich Levinson will provide a preview of these materials
> at the XACML F2F.
>
> - prateek
>
>> Prateek or Rich can provide you the pointers.
>>
>> I will try to dig it up in a bit.
>>
>> On 12/01/2009 09:03 AM, Ron Monzillo wrote:
>>> Can someone provide a pointer to the proposed AzApi?
>>>
>>> Among other things, I'd like to come to understand the relationship 
>>> or mapping (if any) between the API that is being proposed and the 
>>> Java Permission and Policy model.
>>>
>>> If someone has already done that analysis I would be very much like 
>>> to see the results.
>>>
>>> thanks,
>>>
>>> Ron
>>>
>>>
>>> Anil Saldhana wrote:
>>>> Nataraj,
>>>>
>>>> While I agree to most of what you said, what the TC can deliver on 
>>>> is a language independent API similar to what DOM1 did. Java can be 
>>>> one of the bindings.  I was of the feeling that AzApi is along 
>>>> those lines.
>>>>
>>>> Lack of standardized API has been the bane of many of the xacml 
>>>> implementors.
>>>>
>>>> Regards,
>>>> Anil
>>>>
>>>> On 11/30/2009 10:28 PM, Nataraj Nagaratnam wrote:
>>>>
>>>>> Wrt #3 below around Java interfaces --
>>>>>
>>>>> I am not sure if XACML TC is the right forum to define Java APIs,
>>>>> especially when there are Java standard APIs already available and 
>>>>> in use.
>>>>> JSR 115/JACC is sufficient in many cases - though it is written from
>>>>> container viewpoint, it is equally applicable to any type of 
>>>>> enforcement
>>>>> points (even if it is apps).  If there gaps that should be 
>>>>> addressed in
>>>>> JACC, I think we should work that in.  Those APIs are applicable 
>>>>> to Java
>>>>> developers who can use it without any knowledge of XACML, or other 
>>>>> means
>>>>> that a container may even provide. So it provides that level of 
>>>>> abstraction
>>>>> as well.
>>>>>
>>>>> Regards,
>>>>> Nataraj Nagaratnam
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>    From:       Prateek Mishra<prateek.mishra@oracle.com>
>>>>>
>>>>>    To:         XACML TC<xacml@lists.oasis-open.org>
>>>>>
>>>>>    Date:       30/11/2009 22:38
>>>>>
>>>>>    Subject:    [xacml] XACML AzApi as part of F2F agenda
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I would like to request discussion of the XACML AzApi during the 
>>>>> F2F, as
>>>>> we continue to work to advance this towards standard status.
>>>>>
>>>>> The API submission we made this past summer, has a number of features
>>>>> would benefit from the TCs review -
>>>>>
>>>>> 1) Use of generics and a highly factored design to allow for new
>>>>> categories and types of attributes. Is this adequate
>>>>> to model the new materials in XACML 3.0 and other XACML use-cases?
>>>>>
>>>>> 2) A concept called "what is allowed" - which supports a limited but
>>>>> extremely valuable form of scoped query against
>>>>> access rules. One question is how this can be modeled or 
>>>>> implemented in
>>>>> the XACML 2.0/3.0 context
>>>>>
>>>>> 3) Based on experience with the open source and our internal 
>>>>> review of
>>>>> the API, we are planning to submit some additional
>>>>> interfaces to the XACML TC within the next couple of weeks. The main
>>>>> purpose of these interfaces is to allow Java developers with little
>>>>> knowledge of XACML
>>>>> to utilize the API. We would like to be able to describe these
>>>>> interfaces in some detail to the TC, together with
>>>>> the rationale for their introduction.
>>>>>
>>>>> I would request the Chairs to allocate an hour and half for these
>>>>> discussions, which would be led by Rich Levinson (he is out today 
>>>>> - but
>>>>> I thought
>>>>> it important to get this message out to the chairs and TC).
>>>>>
>>>>> Thanks,
>>>>>
>>>>> - prateek
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php