OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: farewell email


Well, I’ve enjoyed participating in this TC for the last 3 years. I’ve appreciated the spirited but polite discussions, and the shared objective of crafting a stable, useful set of specifications.

 

Although my current assignment has taken me away from day-to-day access control activities, I’m still interested in this important and fascinatingly complex subject. I haven’t contributed much to the conversations lately, but I’d like to leave you with my “top two” concerns for future XACML.

 

First, I think it is important to continue to explore ways of interoperability with the large and growing semantic web world. This means, first of all an agreed conceptual model of XACML in terms of ontologies and rules, and then some concrete mappings from XACML features to semantic web constructs.

 

Secondly, I have always advocated the use of XACML to represent natural-language rule sets (such as contracts, business policies, legislation, etc.). As such, I do not think of XACML policies primarily as computer science artifacts, but as formalized representations of rules derived from a larger domain of discourse that happens mostly outside of the technical realm. Standardization efforts that make it easier for techies to construct and manipulate policies as computer science artifacts are helpful to the techies, but also have the effect of making access control more of a “dark art” removed from the normal human business activity of formulating and enforcing access control rules. Semantic web approaches can help bridge this gap. One technique might be to use linked data principles to connect XACML policies and attributes with resources in the rest of the world. Also, better tools are needed in this area—and although the TC cannot dictate what tools are developed, it can lower the risk of tool development by creating clear standards, principles, and examples.

 

Best wishes and regards,

--Paul

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]