[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XACML and WS-Policy
Hello, I'm trying to understand requirements for an integrated security policy language for web services that includes access control (XACML?), SOAP message security (WS-SecurityPolicy), message reliability (WS-ReliableMessaging), etc. XACML provides a generalized access control policy language. It is not designed is specifically for web services, but it can be used in that context, e.g., web service URL as a resource. WS-SecurityPolicy and WS-ReliableMessaging are designed specifically for web services, being extensions of the W3C WS-Policy specification. The WS-Policy specification includes generic framework elements and alternative methodologies for attaching policies to web services. Because they both extend WS-Policy, it is possible to combine elements from WS-SecurityPolicy and WS-ReliableMessaging into a single, integrated web service security policy. Given that XACML does not extend WS-Policy, it does not appear possible to embed XACML rules governing web service access control into the same web service security policy describe above. Is this correct?? If so, has the XACML TC considered the potential benefits of defining a XACML subset, based on WS-Policy, that can be used specifically to enforce web service access?? Thanks in advance, Jackson Wynn Lead Infosec Engineer - G026 The MITRE Corporation Bedford, MA (781) 271-3419
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]