
xacml message



Subject: FW: Open Standards in Data Access Control



-----Original Message-----
From: Jamie Clark [mailto:jamie.clark@oasis-open.org] 
Sent: Thursday, June 27, 2013 3:45 PM
To: Carnahan, Lisa; Mangold, Kevin; Jim Sheire; Steve Bushby; Wollman, David A.; David Temoshok; Hal Lockhart; William Parducci; Tolbert, John W
Cc: Hu, Vincent
Subject: Fwd: Open Standards in Data Access Control

Just FYI.   As most of you know, there's an invitational NIST/NSA July
workshop on 800-162, as well.  I understand some of our member experts are attending.  Cordially, Jamie

James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society http://www.oasis-open.org/who/staff.php#clark

---------- Forwarded message ----------
From: Jamie Clark <jamie.clark@oasis-open.org>
Date: Thu, Jun 27, 2013
Subject: Open Standards in Data Access Control
To: Mary Saunders <mary.saunders@nist.gov>, "Brady, Mary C."
<mary.brady@nist.gov>, Jeremy Grant <jeremy.grant@nist.gov>, Jasmeet Seehra <Jasmeet_K._Seehra@omb.eop.gov>, "Hurst, Kevin D."
<Kevin_D._Hurst@ostp.eop.gov>
Cc: nstc@ostp.gov, datause@omb.eop.gov, Laurent Liscia <laurent.liscia@oasis-open.org>, Scott McGrath <scott.mcgrath@oasis-open.org>

Dear NIST, NSTC and OMB stakeholder colleagues:

We are forwarding this to you, just for information, as a recent instance of open standards fulfilling some NIST-defined goals for access control and electronic identity services, a function which also is essential to networked transactions in open data.

The text below is a comment from one of our member-led technical committees to NIST draft SP 800-162 (Guide to Attribute Based Access Control).  This comment is public on our side:  under our transparency rules, our TC posts its communications of this kind publicly:
https://lists.oasis-open.org/archives/xacml/201305/msg00085.html
The XACML open standard suite referenced in this case is a project that also has been shared with and co-published by ITU-T since 2006.

OASIS generally works to support our partnerships with public administrations and promote open standards use.  No action is sought by this message:  we simply are sharing one recent example of interchanges on how functions relevant to public policy needs are fulfilled in the marketplace, using open standards as contemplated by NTTAA and Circular A-119.

Cordially, JBC

James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society http://www.oasis-open.org/who/staff.php#clark

www.identi.ca/JamieXML
www.twitter.com/JamieXML
http://t.sina.cn/jamiexml
http://www.slideshare.net/jamiexml
http://facebook.com/oasis.open

---------- Forwarded message ----------
From: Hal Lockhart <hal.lockhart@oracle.com>
To: vincent.hu@nist.gov
Cc: xacml@lists.oasis-open.org

Vincent Hu
National Institute of Standards and Technology

Dear Sir:

The OASIS XACML Technical Committee voted to provide the following comments to NIST.

We suggest the following changes for the public review draft of NIST
SP800-162 / ABAC:

Section 2 (ABAC):  "Unfortunately, without a formal definition and implementation guidance, the user and technology communities started implementing ABAC solutions and defining new versions of advanced access control models based upon the XACML model without a common understanding or definition of ABAC."  Replace with "Many XACML conformant solutions exist today.  All share the same basic functionality, adherence to the ABAC model defined by XACML 3.0 core (http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf),
and utilize the definitions contained therein."

Sections 3.2.2.12 and 3.2.3.3:  Both of these sections seem to overlook the fact that industry and use-case-specific groupings of attributes are available today.  These address the implied gap in object metadata and attribute mapping standards.  We believe that the NIST SP 800-162 should acknowledge and recommend the use of domain specific attribute taxonomies, such as:

- XACML EC-US (http://docs.oasis-open.org/xacml/3.0/ec-us/v1.0/cs02/xacml-3.0-ec-us-v1.0-cs02.pdf)
- XACML IPC (http://docs.oasis-open.org/xacml/3.0/ipc/v1.0/cs02/xacml-3.0-ipc-v1.0-cs02-en.pdf)
- XACML XSPA (http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-os.pdf)
- XACML/TCG MAP Authorization (https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/49017/xacml-3_0-map-authz-v1_0-spec-wd-01-en.doc)
- GeoXACML (http://www.opengeospatial.org/standards/geoxacml)
- TSCP BAILS (http://www.tscp.org/assets/TSCP_BAILSv1.pdf)

Section 3.2.1.5:  The XACML TC believes that the "Status", associated "Status" elements, "Advice", and associated "Advice" elements within XACML 3.0 meet the requirements and perceived gap implied in this section, Processes and Procedures for Object Access and Authorization Service Failures.  For more information, see the following sections of XACML 3.0 core (http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf):

- Status, section 5.54
- Status code, section 5.55
- Status message, section 5.56
- Status detail, section 5.57
- Status codes, section B.8
- Advice, section 5.35
- Advice expressions, section 5.38
- Advice expression, section 5.40
- Associated advice, section 5.33

Section 3.2.2.1:  Replace "Implementers of ABAC should strongly consider using a comprehensive standards-based approach that enables current day interoperability and future deployment flexibility by making use of products or capabilities that are built upon widely accepted standards and that employ commonly used interoperability enablers (such as XACML) endorsed by large enterprises" with "Implementers of ABAC should strongly consider using the XACML reference architecture and policy language, as they provide a comprehensive, standards-based approach that enables current day interoperability and future deployment flexibility, by making use of products and capabilities that are built upon the widely accepted standard and that employ commonly used interoperability enablers endorsed by large enterprises."

Hal Lockhart
Bill Parducci
Co-chairs OASIS XACML TC
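As an added illustration of the Status and Advice machinery the TC points to in its comment on section 3.2.1.5 (example code written for this archive page, not part of the thread and not an OASIS deliverable): a deny-biased PEP that parses an XACML 3.0 Response, grants access only on a clean Permit, and on an authorization-service failure surfaces the StatusCode chain, the MissingAttributeDetail entries and any Advice for logging and for the user-facing message. The namespace, element names and status-code URNs are those of XACML 3.0 core; the two sample responses and the urn:example:* attribute and advice identifiers are constructed for the example.

```python
"""Deny-biased PEP handling of XACML 3.0 Response Status and Advice.

Added example, not code from the mailing-list thread or from the OASIS TC.
Namespace, element names and status-code URNs follow XACML 3.0 core; the
two sample responses and the urn:example:* identifiers are constructed.
"""
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML_NS}

# Standard status codes (XACML 3.0 core, section B.8)
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
STATUS_MISSING_ATTRIBUTE = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute"


def status_code_chain(status):
    """Return the StatusCode Value chain: major code first, then nested minor codes."""
    chain = []
    code = None if status is None else status.find("x:StatusCode", NS)
    while code is not None:
        chain.append(code.get("Value"))
        code = code.find("x:StatusCode", NS)
    return chain


def missing_attributes(status):
    """Collect MissingAttributeDetail entries so the PEP knows what to fetch before retrying."""
    if status is None:
        return []
    return [
        {"category": d.get("Category"), "id": d.get("AttributeId"), "type": d.get("DataType")}
        for d in status.findall("x:StatusDetail/x:MissingAttributeDetail", NS)
    ]


def advice(result):
    """Map AdviceId -> {AttributeId: text}. Advice is informational; it never changes the decision."""
    out = {}
    for adv in result.findall("x:AssociatedAdvice/x:Advice", NS):
        out[adv.get("AdviceId")] = {
            a.get("AttributeId"): (a.text or "") for a in adv.findall("x:AttributeAssignment", NS)
        }
    return out


def enforce(response_xml):
    """Deny-biased PEP (XACML 3.0 core, section 7.2): access is granted only for
    Permit with an ok status and no obligations this PEP cannot discharge.
    Deny, NotApplicable, Indeterminate and any error status all fail closed."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % XACML_NS:
        raise ValueError("not an XACML 3.0 Response")
    result = root.find("x:Result", NS)
    if result is None:
        raise ValueError("Response carries no Result")
    decision = result.findtext("x:Decision", namespaces=NS)
    status = result.find("x:Status", NS)
    codes = status_code_chain(status)
    # This PEP implements no obligations, so any Obligation received must lead to deny.
    has_obligations = result.find("x:Obligations/x:Obligation", NS) is not None
    allow = decision == "Permit" and (not codes or codes[0] == STATUS_OK) and not has_obligations
    return {
        "allow": allow,
        "decision": decision,
        "status_codes": codes,
        "status_message": None if status is None else status.findtext("x:StatusMessage", namespaces=NS),
        "missing": missing_attributes(status),
        "advice": advice(result),
    }


# Constructed sample: the PIP could not supply the subject's clearance, so the
# PDP returns Indeterminate with missing-attribute detail and a user-facing advice.
INDETERMINATE_RESPONSE = """<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <Result>
    <Decision>Indeterminate</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:missing-attribute"/>
      <StatusMessage>Required subject attribute not available</StatusMessage>
      <StatusDetail>
        <MissingAttributeDetail
            Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
            AttributeId="urn:example:attr:clearance"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </StatusDetail>
    </Status>
    <AssociatedAdvice>
      <Advice AdviceId="urn:example:advice:user-message">
        <AttributeAssignment AttributeId="urn:example:advice:text"
            DataType="http://www.w3.org/2001/XMLSchema#string">Access denied: clearance could not be verified</AttributeAssignment>
      </Advice>
    </AssociatedAdvice>
  </Result>
</Response>"""

# Constructed sample: a clean Permit.
PERMIT_RESPONSE = """<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <Result>
    <Decision>Permit</Decision>
    <Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status>
  </Result>
</Response>"""

if __name__ == "__main__":
    for response in (PERMIT_RESPONSE, INDETERMINATE_RESPONSE):
        print(enforce(response))
```

The point for a PEP implementer is the one the TC makes: the failure case is not a gap to be filled with ad hoc error handling. The StatusCode tells the PEP whether a retry with more attributes is worthwhile, StatusDetail tells it which attributes, and Advice carries what the PDP wants relayed to the caller, while the decision itself still fails closed.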

