OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Draft XACML FAQ, Take 2

nicely done.

i would like to propose an addition to the following:

>    2.
>       *What is the need for such a standard?*
>       Currently, there are many proprietary or application-specific
>       access control policy languages. This means policies can not be
>       shared across different applications, and provides little
>       incentive to develop good policy composition tools. Many of the
>       existing languages do not support distributed policies, are not
>       extensible, or are not expressive enough to meet new requirements.
>       XACML enables use of arbitrary attributes in policies, role based
>       access control, security labels, time/date-based policies,
>       indexable policies, "deny" policies, and dynamic policies, all
>       without requiring changes to the applications that use XACML.

append: Adoption of XACML across vendor and product platform should 
provide the opportunity for organizations to perform security [policy] 
audits directly across such system.

or something to that affect. i am a big proponent of 'holistic' security 
  policy management and that is almost impossible today. it is my hope 
that XACML will eventually allow tools to be developed that allow 
clients to map/evaluate corporate policy to technology implementations.

i also like hal's suggestion that we include the xrml reference.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]