The consensus at the time was that I described an API for something that wasn’t standardized, so the standardization had to come first. I’m glad to see that
we’re now getting to that. Once we’ve established a standard way of distributing policies, I’ll be happy to add an API for that to the REST profile.
From: email@example.com [mailto:firstname.lastname@example.org]
On Behalf Of David Brossard
Sent: Monday, August 26, 2013 3:25 PM
To: Hill, Richard C
Subject: Re: [xacml] Policy Distribtion
Hi Richard, everyone,
In Ray's initial REST draft, he included a standardized PAP API. I believe this was axed later. I think we should revisit that effort.
On Fri, Aug 23, 2013 at 8:06 PM, Hill, Richard C <Richard.C.Hill@boeing.com> wrote:
As I mentioned on yesterday's TC call, it's starting to be become apparent that large companies and multi-agency government entities will need a standard way to distribute XACML
policies (e.g. sync updates from a centralized policy repository point to PDPs). The XACML 3.0 specification, section 2.9 Policy distribution, leaves policy distribution implementation to XACML product companies. Understandably, these implementations may be
fine tuned to work well with one company's XACML products, but may not with another company's XACML products. Additionally, it cannot be guaranteed that each org in a large company or all government agencies will use the same company's XACML products. I believe
that without a standard approach to distribute, sync, etc, XACML policies it may become a barrier to XACML adoption.
Hal Lockhart stated, on the TC call, that he has started work on trying to standardize this in the past and has taken the action to revive this effort. I would like to help with
this and I encourage other to participate as well.
Hal, Is there a link on the Wiki on your past policy distribution work?
David Brossard, M.Eng, SCEA, CSTP
+46(0)760 25 85 75
S-111 30 Stockholm, Sweden