Background--
Most of you may be at least vaguely aware of the so-called "Identity Ecosystem" initiative that was launched in response to the 2011 [US] President's National Strategy for Trusted Identities in Cyberspace (NSTIC): see
The ID Ecosystem initiative is now being managed by a non-profit corporation called the Identity Ecosystem Steering Group (IDESG.) The IDESG is supported and initially funded by NIST. For more see:
One activity of the IDESG is to develop a Registry of standards related to the provision of identity and access-management services that will comprise the ID Ecosystem. The IDESG Standards Coordination Committee (SCC) runs this process and has put the first few nominated standards through their Standards Adoption Process (SAP) for adoption into the Registry. Among these are SAML v2, OAUTH 2, and OpenID Connect 1.0. (Standards in the Registry are not mandatory, but it is expected that service providers will chose among adopted standards that are relevant to the service(s) they provide.)
Issues for Discussion in the XACML TC
1. I think it makes sense from the IDESG point of view to adopt XACML 3.0 (and at least some associated Profiles) into the IDESG Registry. Although the initial focus of the IDESG is on authentication, authorization is certainly in-scope so that XACML is a "relevant" standard.
2. The IDESG also evaluates standards-development organizations, who must be approved as a pre-requisite for adopting a standard managed by that SDO. OASIS has already been evaluated because of the nomination of SAML, so that step is done.
3. Anyone may nominate a standard to be included in the IDESG Inventory, but the IDESG SCC prioritizes the items in the inventory for evaluation to be adopted into the Registry. In the case of XACML there is interest among IDESG participants (including me) in seeing it adopted into the Registry, so actual filing of a nomination and following it through the IDESG process would not be the responsibility of the XACML TC (but that is an option as well.) In any event very little information is required for nomination: see the attached form. I would however assume the TC would review and comment on the information submitted in the nomination form and help address questions, if any, that might arise in the course of SCC assessment.
4. Assuming the TC has no objection to having XACML 3.0 nominated for adoption into the IDESG Standards Registry, there still remains the question of which specifications other than the 3.0 Core, i.e., which Profiles, should be proposed. (It may be that the SCC will want to have each Profile considered separately, but it might be possible to nominate a batch of Profiles together.) In any case, the TC might wish to consider which Profiles might be appropriate for use in the ID Ecosystem.
Thanks,
Martin
--
Martin F Smith, PrincipalBFC Consulting, LLC
McLean, Va 22102
703 506-0159
703 389-3224 mobile