I have adapted a proprietary access control language to xacml, and merely mapping concepts was not enough. It was useful, but didn't fill in all the blanks.
-matt
--
Matt MacKenzie
Development Manager, LiveCycle Registry
Adobe Systems Incorporated
-----Original Message-----
Sent: Tue Oct 11 13:10:51 2005
Subject: RE: [soa-rm] RE: Resolving Various Policy Languages with Ontologies
<Quote>
For example, if I have a service that uses XACML policy and another
service that uses EPAL policy, I could resolve the differences between
the two policy languages using an ontology for both policy languages at
the policy decision point.
</Quote>
I believe this has already been stated on some form or another by others
who have replied, but this looks to me like the job for a "security
policy reference model" (or similar name) that contains those (minimal)
concepts that are most central to the domain, rather than an ontology. I
see an ontology as a semantic model that may be derived using the
reference model, along with multiple other representations such as
concrete security architectures, UML class diagrams, E-R diagrams, etc.
One single reference model begets all of these and more.
Joe (living in reference model world these days)
Joseph Chiusano
Booz Allen Hamilton
700 13th St. NW
Washington, DC 20005
O: 202-508-6514 <= new office number as of 09/19/05
C: 202-251-0731
-----Original Message-----
Sent: Tuesday, October 11, 2005 11:50 AM
To: Danny Thornton
Subject: [soa-rm] RE: Resolving Various Policy Languages with
Ontologies
Post from Danny Thornton:
(he mentions the "O" and "S" words)
;-)
-----Original Message-----
Sent: Monday, October 10, 2005 10:26 PM
To: Duane Nickull
Subject: Resolving Various Policy Languages with Ontologies
Hi Duane,
The following is an e-mail dicussion I would like to have
with soa-rm group:
I have been reading WD-SOA-RM-09 to get an idea of the
terminology/concepts for resolving various policy languages
in a service oriented architecture. Section
2.2.3.2 of WD-SOA-RM-09 discusses the limits of description.
Section 2.3.1.2 states that an ontology can be defined to
interpret strings and other tokens in the data.
In the discussions I've had about resolving various policy
languages in an SOA, I've hijacked the ontology concept and
applied it as a general concept for resolving differences in
policy languages.
For example, if I have a service that uses XACML policy and
another service that uses EPAL policy, I could resolve the
differences between the two policy languages using an
ontology for both policy languages at the policy decision point.
For section 2.3.1.2 of the WD-SOA-RM-09, does anyone have any
thoughts on expanding the concept of ontologies beyond the
service description's data model?
Danny
__________________________________