OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [regrep] ebXML Registry and Dublin Core


That is precisely what they are struggling to figure out.

Which standards apply to which pieces of what they are trying to accomplish
and how can they leverage them appropriately.

cheers

pk

-----Original Message-----
From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
Sent: Monday, June 30, 2003 2:46 PM
To: Peter Kacandes
Cc: regrep@lists.oasis-open.org
Subject: Re: [regrep] ebXML Registry and Dublin Core


<Quote>
they want to establish insurance industry standards for passwords
and user IDs between insurance companies and agencies and brokers.
</Quote>

...using already existing (and still in process in some cases) open
standards such as WS-Security and SAML, I hope?

Joe

Peter Kacandes wrote:
>
> At the ACORD meeting last week, they spent close to two hours debating
these
> points.
>
> Basically, they want to establish insurance industry standards for
passwords
> and user IDs between insurance companies and agencies and brokers. At
first
> they wanted to call it SSO but realized that wasn't appropriate and then
> started calling it Identity management, and realized that wasn't quite
right
> either.
>
> The popular term was PINRM (Post-it Note Replacement Methodology) to
capture
> the fact that most agents at a brokerage keep an array of Post-it Notes on
> the borders of their monitors where each Post-it Note has the user ID and
> password that they need to get into the applications at a particular
> insurance company.
>
> cheers
>
> pk
>
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Friday, June 27, 2003 10:31 AM
> To: Carl Mattocks
> Cc: Anne Thomas Manes; Farrukh Najmi; Peter Kacandes;
> regrep@lists.oasis-open.org
> Subject: Re: [regrep] ebXML Registry and Dublin Core
>
> <Quote>
> the true potential for XACML is as a 'single sign-on' gateway
> </Quote>
>
> I know exactly what you meant, but mixing the terms "single sign-on" and
> access control is often dangerous. Most folks associate SSO with
> SAML/Liberty Alliance, which is all on the authentication side of things
> (which includes identity management). Access control assumes that the
> user/resource has already been authenticated, and - now knowing that
> their identity is valid - what resources they have access to, at what
> level, in what manner etc.
>
> <Quote>
> let us not forget Dublin Core. IMHO the registry should allow both the
> DC core & extended elements to be applied to any and all types of
> objects. i.e. expand the information that is known about a  particular
> asset
> </Quote>
>
> Yes - I think a mapping between Dublin Core metadata and our RIM would
> be very useful. Then the Content Indexer could be used to perform the
> translation between the 2. David Webber mentioned GILS (Global
> Information Locator Service) to Farrukh and I recently - there is a
> GILS/Dublin Core crosswalk available. So if we support GILS, we can
> support Dublin Core through the crosswalk (if we choose that approach).
>
> There also exists a crosswalk between GILS and UDDI - so we could have
> UDDI --> GILS --> ebXML Registry as well.
>
> Joe
>
> Carl Mattocks wrote:
> >
> > In the world of large organizations (the world they create) direct
access
> to databases is strictly limited to DBAs and approved applications. IMHO
> (similar to Joe) the true potential for XACML is as a 'single sign-on'
> gateway to many information sources (database and other CMSs).
> >
> > Regarding standard for CMS - let us not forget Dublin Core. IMHO the
> registry should allow both the DC core & extended elements to be applied
to
> any and all types of objects. i.e. expand the information that is known
> about a  particular asset .
> >
> > > <Quote>
> > > But looking at this from the customer's point of view -- they're
> > > accustomed to defining access control policies in the database.
> > >
> > > Absolutely - the human factor and change management is always an
> > > important consideration (it's often a deal maker or breaker). An
"XACML
> > > Gateway" from the large database vendors might help solve this.
> >
> > carl
> > Carl Mattocks
> > CEO CHECKMi
> > e-mail: CarlMattocks@checkmi.com
> > *******************************************
> > Business Agent Software that
> > Secures Knowledge for Reputation:Protection
> > *******************************************
> > CHECKMi Compendium the shortcut to Valued & Trusted Knowledge
> > *******************************************
> > www.checkmi.com
> > (usa)1-908-322-8715
>
> You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.
php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]