OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Attached is an HTML file for the initial XACML TC FAQ.

Anne Anderson
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



currently under review by the XACML TC as of 21 August 2003

  1. What is the XACML TC?

    It is a Technical Committee of the OASIS standards organization focused on development of a standard access control policy language. "XACML" stands for "eXtensible Access Control Markup Language". The full charter is at http://www.oasis-open.org/committees/xacml/charter.php.

  2. What is the need for such a standard?

    Currently, there are many proprietary or application-specific access control policy languages. This means policies can not be shared across different applications, and provides little incentive to develop good policy composition tools. Many of the existing languages do not support distributed policies, are not extensible, or are not expressive enough to meet new requirements. XACML enables use of arbitrary attributes in policies, role based access control, security labels, time/date-based policies, indexable policies, "deny" policies, and dynamic policies, all without requiring changes to the applications that use XACML. Adoption of XACML across vendor and product platform should provide the opportunity for organizations to perform access and access policy audits directly across such system.

  3. Who will benefit from this work and how?

    Every developer, user, or maintainer of applications that require secure authorization will benefit.

  4. What has the XACML TC produced to date?

    In February of 2003, OASIS approved XACML Version 1.0 as an OASIS Standard. In August of 2003, the XACML TC approved XACML Version 1.1 as an OASIS Committee Specification. The TC has not yet determined whether this should advance to OASIS Standard (not because it is not good enough :-), but because it contains only clarifications and minor changes, and does not change the Version 1.0 schemas).

    Links to these documents are available on the XACML TC public home page at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml .

  5. How does this work compare with related efforts at other standards organizations?

    No other standard access control language written in XML currently exists. Related efforts include:

  6. What are the current activities of the XACML TC?

    There are pointers to our current working drafts on the XACML TC public home page at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml . These include XACML profiles for web services policy, XML Digital Signature, and Role Based Access Control.

    In addition, the TC is working on major extensions to XACML that would go into XACML 2.0. Periodically, a list of the current work items under consideration is posted to the XACML TC mailing list.

    There is not yet a schedule for completion of these activities, but all being actively developed.

  7. Where are the archives for the XACML TC mailing lists?

    The archives are located at http://lists.oasis-open.org/archives/xacml/ . These are publicly viewable.

    There is also a mailing list of comments received, primarily during the public review period leading up to the 1.1 standard. This mailing list is archived at http://lists.oasis-open.org/archives/xacml-comment/ .

  8. Who should be involved in the XACML TC?

    Anyone with an interest in access control, authorization, entitlement and related policy issues, either willing to propose requirements or contribute technically should get involved.

  9. Who can join the XACML TC?

    Anyone who is an individual member of OASIS or is from a company that is an OASIS organization member may join.

  10. What types of XACML TC membership exist?

    We have "Prospective Members", "Voting Members", and "Observer" members. Voting members start out as "Prospective Members". See for details . Voting members must attend 2 out of every 3 bi-weekly meetings in order to retain their voting status. Observers can participate fully in the XACML mailing list discussions, but can not vote.

  11. How do I join the XACML TC?

    Send e-mail to one or both of the XACML TC Co-Chairs, requesting to become either a "Prospective Member" or an "Observer". Please request "Prospective Member" status only if you intend to attend bi-weekly XACML TC meetings regularly, since non-participating members make it hard for us to reach quorum at our meetings.

    The co-chairs and their e-mail addresses are listed on the XACML TC public home page at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml .

  12. When are the XACML TC meetings?

    General Body meetings are held every other week. Usually there is an informal Focus Group meeting on alternate weeks at the same time, used to delve into particular topics in detail. The schedule for meetings is located at http://www.oasis-open.org/committees/calendar.php?wg_abbrev=xacml .

  13. What if I want to participate in XACML e-mail discussions, but can't attend bi-weekly meetings?

    Individuals eligible to join the XACML TC may join the TC as "observers". See How do I join the XACML TC? .

    Anyone may submit e-mail to the XACML comments mailing list at xacml-comment@lists.oasis-open.org .

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]