
security-services message


Subject: RE: new OASIS discussion list : XACML

My first attempt to send this to the security services mailing
list bounced due to an HP email problem. Hopefully this has now been
resolved. I apologize to those of you who receive multiple copies.

I do not see how to separate "an XML framework for exchanging
authentication and authorization information (SAML)" and "the
representation of access control policies as XML". It seems to me that
the latter is a subset of the former.

Whilst I think it is important to have a way to represent access
control policies as XML, I do not see that separating out the latter
effort from SAML will benefit either the industry or the wider
community.  It will make coordination of the work harder and further
stretch the people working in the area. Many of the people working on
SAML would want to be involved and have much relevant technical and
business experience to offer. Conducting the efforts in parallel will
make it difficult for these people to participate in both efforts
adequately.  This increases the probability of inconsistencies between
the two efforts.

I also believe having two specifications which are closely related
will increase the probability of confusion in the minds of the
specification consumer (which one do they use for what). This is
likely to cause fragmentation which will reduce the adoption and 
ultimate impact of both efforts.

I have no quarrel with the technical ideas behind the XACML
suggestion. I think it is an excellent idea and hope to
participate. However, in my opinion the proper place for the XACML
activity to take place is within the Oasis Security Services Technical
Committee, possibly as a follow on activity.

A possible alternative would be for XACML to focus purely on the
"application of access control policies to XML documents". In which
case they could use SAML and there would be a clear demarcation of
scope. However, this would also imply waiting until SAML reaches a
certain level of stability and would require a reduction in the
current scope statement.

Nigel Edwards (Hewlett-Packard)

> -----Original Message-----
> From: Karl Best [mailto:karl.best@oasis-open.org]
> Sent: Wednesday, February 21, 2001 7:13 PM
> To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org;
> security-services@lists.oasis-open.org;
> xacml-discuss@lists.oasis-open.org; xml-dev@lists.xml.org
> Subject: new OASIS discussion list : XACML
>
> Upon request by three eligible participants, I have created an OASIS
> Discussion List whose purpose is to discuss the possible creation of an
> OASIS Technical Committee. This list will exist for no longer than 90
> days, after which time a TC may be formed or not.
>
> The scope of discussion is eXtensible Access Control Markup Language
> (XACML, an interim moniker), which addresses security related
> specifications orthogonal to the efforts of the existing Security
> Services OASIS TC. Whereas the Security Services TC exists to define an
> XML framework for exchanging authentication and authorization
> information, XACML is concerned with the representation of access
> control policies as XML and the application of these policies to XML
> documents. The people requesting the creation of this discussion list
> have discussed this effort with the existing Security Services TC, and
> that TC agreed that this work is best carried out as a separate, though
> coordinated, effort rather than as a part of the Security Services TC.
>
> Current public examples of the types of issues the group will address
> are illustrated by http://www9.org/w9cdrom/419/419.html and
> http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm
>
> The persons requesting the creation of this list are:
> Ernesto Damiani, edamiani@crema.unimi.it (Individual member)
> Pierangela Samarati, samarati@dsi.unimi.it (Individual member)
> Simon Y. Blackwell, sblackwell@psoom.com (Psoom)
> Frank Chum, fchum@psoom.com (Psoom)
> Fred Moses, fmoses@entitlenet.com (EntitleNet)
>
> The discussion leader will be Ernesto Damiani.
>
> In order to participate in this discussion you should subscribe to the
> discussion list by sending a message to
> xacml-discuss-request@lists.oasis-open.org with the word "subscribe" as
> the body of the message. If you do not wish to subscribe, but wish to
> view the discussion you may view the list archives at
> http://lists.oasis-open.org/archives/xacml-discuss
>
> </karl>
> ============================================================
> Karl F. Best
> OASIS - Director, Technical Operations
> 978.667.5115 x206
> karl.best@oasis-open.org  http://www.oasis-open.org
