Re: [xacml] Policy language presentation

["Smith, Martin" <Martin.Smith@DHS.GOV>]

This is a criticism that could be applied broadly to xml "standards." Seems everyone invents a little progtamming language of his own (with yet another metadata vocab.)

Where to begin to clean this profusion??

Martin

----- Original Message -----
From: Tyson, Paul H [mailto:PTyson@bellhelicopter.textron.com]
Sent: Thursday, August 25, 2011 05:40 PM
To: xacml@lists.oasis-open.org <xacml@lists.oasis-open.org>
Cc: Westerinen, Andrea R <Andrea.Westerinen@ca.com>
Subject: [xacml] Policy language presentation

TC and Andrea,

I had to leave today's meeting after an hour so did not hear the last of
the presentation or subsequent discussion.

I was reminded of a paper that Andrea and the TC might find interesting
(if you have not already seen it):

Barker, Steve.  "The Next 700 Access Control Models or a Unifying
Meta-Model?"  SACMAT'09, June 3-5, 2009, Stresa, Italy.

http://portal.acm.org/citation.cfm?id=1542238

The author is not friendly to XACML:

"A sceptical reader might also argue that a general language for
access control policy specification has already been described in
the access control literature: XACML [20]. However, in our view,
it is essential to define a general access control language in terms of
a well-defined access control model with a sound formal semantics
(rather than developing ad hoc access control languages with hopelessly
inadequate formal semantics, as is the case with XACML).
In addition to its unsatisfactory formal underpinnings, XACML is
not based on a well defined conceptual model of access control.
Attempts to retrofit aspects of access control models (via profiles)
have not been satisfactory."

Regards,
--Paul

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php