
Subject: Re: [xacml] FW: InterOp and Attribute Identifiers? - Re: [xacml-users] OASIS XACML InterOp Demo, RSA 2008, San Francisco, California, USA, April 7-11 2008


See below...

Dee Schur wrote:
> Can someone answer this gentleman from http://public.eu-egee.org/.
> Thanks,
> Dee
>
> -----Original Message-----
> From: Yuri Demchenko [mailto:demch@chello.nl]
> Sent: Wednesday, March 05, 2008 4:52 AM
> To: xacml-dev mailing list
> Cc: Dee Schur; ggebel@burtongroup.com
> Subject: InterOp and Attribute Identifiers? - Re: [xacml-users] OASIS XACML InterOp Demo, RSA 2008, San Francisco, California, USA, April 7-11 2008
>
> Hi Dee,
> Hi Gerry,
>
> Very interesting event!
>
> Actually this announcement triggered my request to the list about
> defining new attribute and obligation identifiers (see my message of
> March 4, 2007, "Subject: [xacml-dev] Any rules/regulations for defining
> new AttributeId...")
>
> Can you or somebody from potential interopers advise on the best
> practice for defining common attribute and obligation identifiers?
>
> In particular, using OASIS prefix "urn:oasis:names:tc:xacml:2.0:" vs own
> namespace vs URL style?

In general you should use your own prefix. The OASIS one is reserved for
the enumerators agreed upon by the OASIS standardization process. The tooling
is expected to handle non-OASIS extensions gracefully.

Any sensible software implementation is extensible in terms of the
enumerators it accepts and if you invent new ones, it stands to reason
that the implementations should be able to handle them as unknown, but
legit extensions.

For some intervening layers that is sufficient, but eventually you want
your enumerator to be semantically understood and acted upon. At this
crucial point the standardized enumerators have a good chance of being
correctly understood whereas the nonstandard ones (de facto, common use)
will have a varying track record depending on their adoption.

If you need specific advice, please do not hesitate to contact me.

Cheers,
--Sampo

> Regards,
>
> Yuri Demchenko
> UvA, EGEE Project
>
> Dee Schur wrote:
>>
>> OASIS XACML InterOp Demo, RSA Conference 2008, San Francisco, California,
>> USA, April 7-11 2008, Booths 132-136
>>
>> The eXtensible Access Control Markup Language (XACML) 2.0 OASIS Standard has
>> emerged as a front runner in solving complex access control problems in the
>> enterprise. Unlike the approach taken by proprietary access control lists
>> (ACL), XACML is an industry accepted standard that provides a well defined
>> structure to create rules and policy sets to make complex authorization
>> decisions.  Enterprise practitioners have wished for greater
>> interoperability between products that support the XACML OASIS Standard.
>>
>> At the RSA Conference 2008 in San Francisco, April 7-11, nine organizations
>> will come together to demonstrate interoperability of the eXtensible Access
>> Control Markup Language (XACML) 2.0 OASIS Standard. Simulating a real world
>> scenario provided by the U.S. Department of Veterans Affairs; the demo will
>> show how XACML ensures successful authorization decision requests and the
>> exchange of authorization policies. Participants include:
>>
>> - Axiomatics
>> - BEA Systems
>> - IBM
>> - Oracle
>> - Red Hat
>> - Cisco
>> - Sun Microsystems
>> - U.S. Department of Veterans Affairs
>>
>> The Interoperability Demonstration will utilize the requirements drawn in
>> the Healthcare industry based on work done at the U.S. Department of
>> Veterans Affairs, HL7, ASTM and ANSI.  The requirements include Role-Based
>> Access Control (RBAC), Privacy Protections, Structured and Functional Roles,
>> Consent Codes, Emergency Overrides and Filtering of Sensitive Data. The
>> demonstration will highlight how XACML Obligations can provide additional
>> capabilities in the policy decision making process, while taking the health
>> care scenarios as example. Technical details of the demonstration, including
>> Interoperability Configuration, Policy Decision Request and Policy
>> Interoperability, Roles and Privileges Modeling, Usage of XACML Obligations
>> and SAML Identity Providers will be highlighted.
>>
>> The demonstration will occur in Booths 132-136 beginning April 7, 2008
>> during Expo hours. There will be an opportunity for the RSA 2008 attendees
>> to interact with the participating technologists.
>>
>> ***Please distribute to colleagues**
>>
>> For more information contact: jane.harnad@oasis-open.org or
>> dee.schur@oasis-open.org
>>
>>
>>
>>
>> --
>> Gerry Gebel | VP & Service Director | Identity and Privacy Strategies |
>> <identityblog.burtongroup.com>
>>
>
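
The prefix guidance in the reply above, as an added example that is not part of the original thread: a small audit that reads the AttributeId and ObligationId values from a policy and flags any that sit under the reserved OASIS prefix without being a known standard identifier. The policy fragment is constructed and simplified, the `example` identifiers and `vo-membership` are hypothetical, and the list of standard identifiers is only a partial sample.

```python
import xml.etree.ElementTree as ET

OASIS_PREFIX = "urn:oasis:names:tc:xacml:"

# Partial sample of identifiers defined by the XACML specifications and the
# RBAC profile (assumption: a real audit would load the complete list).
KNOWN_OASIS_IDS = {
    "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
    "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
    "urn:oasis:names:tc:xacml:1.0:action:action-id",
    "urn:oasis:names:tc:xacml:2.0:subject:role",
}

# Constructed, simplified policy fragment (not schema-complete).
SAMPLE_POLICY = """\
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:1">
  <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
  <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:vo-membership"/>
  <ResourceAttributeDesignator AttributeId="http://example.org/xacml/attr/consent-code"/>
  <Obligations>
    <Obligation ObligationId="urn:example:obligation:audit-log" FulfillOn="Permit"/>
    <Obligation ObligationId="audit" FulfillOn="Permit"/>
  </Obligations>
</Policy>"""

def classify(identifier):
    """Sort an identifier into standard / extension / problem categories."""
    if identifier in KNOWN_OASIS_IDS:
        return "standard"
    if identifier.startswith(OASIS_PREFIX):
        # Reserved prefix, but not an identifier this audit knows as standard.
        return "oasis-prefix-unrecognized"
    if identifier.startswith(("urn:", "http://", "https://")):
        return "extension"  # own namespace: unknown but legitimate
    return "malformed"      # neither URN nor URL style

def audit_policy(xml_text):
    """Map every AttributeId/ObligationId in the policy to its category."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        for attr in ("AttributeId", "ObligationId"):
            value = elem.get(attr)
            if value is not None:
                findings[value] = classify(value)
    return findings

def needs_review(findings):
    """Identifiers a policy author should rename or confirm."""
    return sorted(i for i, c in findings.items()
                  if c in ("oasis-prefix-unrecognized", "malformed"))

if __name__ == "__main__":
    for ident, category in audit_policy(SAMPLE_POLICY).items():
        print(f"{category:28} {ident}")
```
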



