Re: [xacml-dev] InterOp and Attribute Identifiers? - Re: [xacml-users] OASISXACML InterOp Demo, RSA 2008, San Francisco, California, USA, April 7-112008

[Craig Forster <cforster@au1.ibm.com>]

Hi Yuri,

I don't know what the best practices are, or what OASIS officially advises,
but I'd avoid using the "urn:oasis:names:tc:xacml:2.0:" prefix for your
custom identifiers.  I think a good option would be too create a
domain-specific namespace for your application to avoid confusion.

Regards,
Craig

---------------------------------------------------------------
Craig Forster
Software Engineer
IBM Australia Development Labs
Argus == https://w3.webahead.ibm.com/w3ki/display/commonauthz/Home
Blog == http://blogs.tap.ibm.com/weblogs/craigforster/
---------------------------------------------------------------


                                                                                                                                 
  From:       Yuri Demchenko <demch@chello.nl>                                                                                   
                                                                                                                                 
  To:         xacml-dev mailing list <xacml-dev@lists.oasis-open.org>                                                            
                                                                                                                                 
  Cc:         Dee Schur <dee.schur@oasis-open.org>, ggebel@burtongroup.com                                                       
                                                                                                                                 
  Date:       05/03/2008 19:52                                                                                                   
                                                                                                                                 
  Subject:    [xacml-dev] InterOp and Attribute Identifiers? - Re: [xacml-users] OASIS XACML InterOp Demo, RSA  2008, San        
              Francisco, California, USA, April 7-11 2008                                                                        
                                                                                                                                 





Hi Dee,
Hi Gerry,

Very interesting event!

Actually this announcement triggered my request to the list about
defining new attribute and obligation identifiers (see my message of
March 4, 2007, "Subject: [xacml-dev] Any rules/regulations for defining
new AttributeId...")

Can you or somebody from potential interopers advice on the best
practice for defining common attribute and obligation identifiers?

In particular, using OASIS prefix "urn:oasis:names:tc:xacml:2.0:" vs own
namespace vs URL style?

Regards,

Yuri Demchenko
UvA, EGEE Project


Dee Schur wrote:
>
> OASIS XACML InterOp Demo, RSA Conference 2008, San Francisco, California,
> USA, April 7-11 2008, Booths 132-136
>
> The eXtensible Access Control Markup Language (XACML) 2.0 OASIS Standard
has
> emerged as a front runner in solving complex access control problems in
the
> enterprise. Unlike the approach taken by proprietary access control lists
> (ACL), XACML is an industry accepted standard that provides a well
defined
> structure to create rules and policy sets to make complex authorization
> decisions.  Enterprise practitioners have wished for greater
> interoperability between products that support the XACML OASIS Standard.
>
> At the RSA Conference 2008 in San Francisco, April 7-11, nine
organizations
> will come together to demonstrate interoperability of the eXtensible
Access
> Control Markup Language (XACML) 2.0 OASIS Standard. Simulating a real
world
> scenario provided by the U.S Department of Veterans Affairs; the demo
will
> show how XACML ensures successful authorization decision requests and the
> exchange of authorization policies. Participants include:
>
> .     Axiomatics
> .     BEA Systems
> .     IBM
> .     Oracle
> .     Red Hat
> .     Cisco
> .     Sun Microsystems
> .     U.S. Department of Veterans Affairs
>
> The Interoperability Demonstration will utilize the requirements drawn in
> the Healthcare industry based on work done at the U.S. Department of
> Veterans Affairs, HL7, ASTM and ANSI.  The requirements include
Role-Based
> Access Control (RBAC), Privacy Protections, Structured and Functional
Roles,
> Consent Codes, Emergency Overrides and Filtering of Sensitive Data. The
> demonstration will highlight how XACML Obligations can provide additional
> capabilities in the policy decision making process, while taking the
health
> care scenarios as example. Technical details of the demonstration,
including
> Interoperability Configuration, Policy Decision Request and Policy
> Interoperability, Roles and Privileges Modeling, Usage of XACML
Obligations
> and SAML Identity Providers will be highlighted.
>
> The demonstration will occur in Booths 132-136 beginning April 7, 2008
> during Expo hours. There will be an opportunity for the RSA 2008
attendees
> to interact with the participating technologists.
>
> ***Please distribute to colleagues**
>
> For more information contact: jane.harnad@oasis-open.org or
> dee.schur@oasis-open.org
>
>
>
>
> --
> Gerry Gebel | VP & Service Director | Identity and Privacy Strategies |
> <identityblog.burtongroup.com>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: xacml-users-help@lists.oasis-open.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: xacml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xacml-dev-help@lists.oasis-open.org