
xacml message


Subject: RE: [xacml] Planning the work of the TC


You are in fact a member of the TC and therefore can post and otherwise contribute. I have verified that your message was posted to the XACML list.

I will repeat the suggestion I made to Paul: add an issue to the wiki. http://wiki.oasis-open.org/xacml/

We are always interested in policy requirements and examples or real world policies. I think most would agree that creating XACML policies at the moment is at least as much art as science. To some extent the xacml-users mailing list is intended to be a forum for discussion of issues relating to policy design. (Like the xacml-dev list, xacml-users is open to anyone in the world, not just OASIS members.)

Regarding Catalyst, there was a workshop yesterday, of which the first half was devoted to XACML. I am not aware of any other planned meeting. However, I do know that Prateek Mishra of Oracle and John Tolbert of Boeing (along with a number of other Boeing people) are out there. I suggest you try to connect with them informally.


-----Original Message-----
From: Smith, Martin [mailto:Martin.Smith@DHS.GOV]
Sent: Tuesday, July 28, 2009 9:33 AM
To: Tyson, Paul H; Harold Lockhart; xacml@lists.oasis-open.org
Subject: RE: [xacml] Planning the work of the TC

Paul/Hal -- Not sure my message will get to the list as I am an observer, but I do have some requests for the group to consider. Please relay to the group if they seem reasonable to you . . .
Support for inspection of target metadata and/or actual query results during rule processing;
Don't know how to put this exactly, but some consideration of how the target resource is characterized. From what I have seen, some big rule sets are big because they try to include specific rules per target URL, vs. rules aimed at more general metadata characterizing the legal or policy nature of the target. This is probably mostly out of scope for this TC, but someone has to address it. We have developed a largish ruleset (in pseudocode) that expresses the Privacy Act and other laws/regs applicable to info handling in our (homeland-security) space, which may illustrate the problem.
(Did anything get organized in the way of an informal meeting at Burton Catalyst this week? I am headed out there today and would like to participate if possible.)

Martin F. Smith
Branch Chief, National Security Systems
202 447-3743 desk
202 441-9731 cell
888 272-3610 pager


From: xacml-return-1458-martin.smith=dhs.gov@lists.oasis-open.org on behalf of Tyson, Paul H
Sent: Tue 7/28/2009 8:37 AM
To: Harold Lockhart; xacml@lists.oasis-open.org
Subject: RE: [xacml] Planning the work of the TC

The AZ API is a good thing to work on.  It will make it easier for 3rd-party software vendors to make their products work with XACML.  We implemented a special-purpose version, so we'll review the submission for points of similarity and difference.
If you're asking for other Big Things the TC could work on, I have a couple of suggestions:
1. Revive the effort to map XACML policy language to a standard rule language.  There is an old document at http://www.oasis-open.org/committees/download.php/11929/access_control-xacml-3.0-generalization-spec-wd-03.doc .  With the imminent release of RIF (http://www.w3.org/2005/rules/wiki/RIF_Working_Group) it is a good time to consider the feasibility and benefits of standard mechanisms for 1- or 2-way mapping between XACML and RIF.
2. Consider formalisms for linking XACML to RDF/OWL at both abstract and concrete levels.  I see at least 2 aspects:
    a. Produce a XACML ontology in RDF/OWL
    b. Standards or guidelines for mapping XACML attribute ids to RDF Properties
The linkage to RDF/OWL would enable integration of XACML systems with enterprise ontologies, and allow use of web-wide standard ontologies for non-enterprise-specific attributes.  A SPARQL endpoint (or several) would be a particularly elegant implementation of a PIP.  This approach might answer some of the use cases addressed by the AMF proposal.


	From: Harold Lockhart [mailto:hal.lockhart@oracle.com] 
	Sent: Monday, July 27, 2009 17:08
	To: xacml@lists.oasis-open.org
	Subject: [xacml] Planning the work of the TC
	As everyone is aware, Jan Herman and the OGC folks have proposed a lot of potential changes to the hierarchical and multi profiles. Separately from that I recently posted two new submissions to the list.
	I suggest that we spend the next two meetings on overviews of the AZ API and AMF respectively. I would like to get everyone up to speed and thinking about them and it will also be an opportunity to answer questions and provide additional information relating to them. Further, I am expecting Jan to join the TC soon and would like to hold off on his proposals until he can participate as a member.
	If no one has any objections, I propose that we spend the bulk of the next call letting Rich give an overview of the API. Then on Aug 13, I will go over the AMF.
	Any objections, questions, comments?  
