[announce] XACML Becomes OASIS Open Standard

[Carol Geyer <carol.geyer@oasis-open.org>]

XACML Access Control Markup Language Ratified as OASIS Open Standard

Universal Language for Authorization Policy Enables Secure Web Services

Boston, MA, USA; 18 February 2003 -- The OASIS interoperability
consortium today announced that its members have approved the Extensible
Access Control Markup Language (XACML) as an OASIS Open Standard, a
status that signifies the highest level of ratification. XACML allows
developers to express and enforce policies for information access over
the Internet.

"XACML is designed to enable the interoperability of a broad range of
administration and authorization products by providing a universal
language for authorization policy. Its flexibility and features for
supporting large scale, federated environments will literally set the
standard for the next generation of authorization products," explained
Hal Lockhart of BEA Systems, co-chair of the OASIS XACML Technical
Committee.

"Policies applied consistently across environments and across vendor
products is the cornerstone of good security," added Carlisle Adams of
Entrust, co-chair of the OASIS XACML Technical Committee. "Coupled with
secure mechanisms for carrying requester attributes--such as SAML
assertions, Java permissions, or WS-Security tokens--XACML is a key
component in an authorization infrastructure that can span Web services,
J2SE, and other e-business environments."

The OASIS XACML specification was developed by Entrust, IBM,
OpenNetwork, Quadrasis, Sterling Commerce, Sun Microsystems, and other
members of the OASIS Extensible Access Control Markup Language Technical
Committee.

Before becoming an OASIS Open Standard, XACML first completed an
extensive public review and was approved by the OASIS XACML Technical
Committee. Then, the specification demonstrated its readiness through
multiple implementations, after which XACML was reviewed and approved by
the OASIS membership as a whole.

"Ratification as an OASIS Open Standard means that developers can deploy
XACML with confidence," said Karl Best, vice president of OASIS. "We
congratulate and thank the members of the OASIS XACML Technical
Committee for all their outstanding efforts in advancing XACML as the
newest OASIS Open Standard."

XACML is the latest addition to the growing OASIS portfolio of security
standards. It joins another recently approved OASIS Open Standard, the
Security Assertion Markup Language (SAML), as well as emerging
specifications advanced within OASIS such as WS-Security, Service
Provisioning Markup Language (SPML), Digital Signature Services (DSS),
and Public Key Infrastructure (PKI).


Industry Support for XACML

"The ratification of XACML as an OASIS Open Standard reaffirms OASIS'
leadership in interoperable secuirty standards for XML," said Edward
Cobb, VP of Architecture and Standards, BEA Systems. "XACML and SAML as
completed standards, and in-process work such as WS-Security, are the
foundation for securing eBusiness interactions. We congratulate the
OASIS XACML Technical Committee on reaching this important milestone."

"DataPower applauds the OASIS XACML Technical Committee on their efforts
to address a key part of the security area for distributed systems.
Their common framework should greatly help accelerate the move away from
proprietary systems and towards open networks. DataPower looks forward
to suporting rich access control as defined by XACML in our XML-aware
network devices," said Rich Salz, chief security architect at DataPower
Technology Inc.

"As a leader in delivering enhanced Internet security solutions, Entrust
is very proud to have played a role in the development of the XACML 1.0
specification, and we are pleased to see the overwhelming support it has
received," said Brian O'Higgins, chief technology officer at Entrust,
Inc. "XACML 1.0, in conjunction with the recently approved SAML
standard, will provide critical functionality for a comprehensive
authorization architecture. OASIS has taken yet another significant step
forward in solving the Internet security puzzle."

"Sun believes that flexible and interoperable access control standards
are critical for the future of network computing and for the development
of secure Web services," said Mark Bauhaus, vice president of Java Web
services at Sun. "That's why we have supported and continue to support
the XACML standard. Sun announced today that we are releasing our XACML
implementation under an Open Source license. This will help developers
build secure Web services and enterprise applications, delivering cost
savings and simplification to our customers."


About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information
Standards) is a not-for-profit, global consortium that drives the
development, convergence, and adoption of e-business standards. Members
themselves set the OASIS technical agenda, using a lightweight, open
process expressly designed to promote industry consensus and unite
disparate efforts. OASIS produces worldwide standards for security, Web
services, XML conformance, business transactions, electronic publishing,
topic maps and interoperability within and between marketplaces. Founded
in 1993, OASIS has more than 2,000 participants representing over 600
organizations and individual members in 100 countries.

For more information:

Carol Geyer
Director of Communications
OASIS (www.oasis-open.org)
carol.geyer@oasis-open.org
+1.978.667.5115 x209