OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Policy Distribtion

Is the approach to make the PAP the gateway to the PRP? Will the PAP orchestrate the policy sync, update, distribution, etc  regardless of the PDP vendor implementation? Maybe we can develop some use cases to facilitate the discussion and agree on the approach. I would be happy to help with that.


From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Sinnema, Remon
Sent: Monday, August 26, 2013 7:21 AM
To: David Brossard (david.brossard@axiomatics.com)
Cc: xacml@lists.oasis-open.org
Subject: RE: [xacml] Policy Distribtion


Hi David,


The consensus at the time was that I described an API for something that wasn’t standardized, so the standardization had to come first. I’m glad to see that we’re now getting to that. Once we’ve established a standard way of distributing policies, I’ll be happy to add an API for that to the REST profile.







From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of David Brossard
Sent: Monday, August 26, 2013 3:25 PM
To: Hill, Richard C
Cc: xacml@lists.oasis-open.org
Subject: Re: [xacml] Policy Distribtion


Hi Richard, everyone,


In Ray's initial REST draft, he included a standardized PAP API. I believe this was axed later. I think we should revisit that effort.




On Fri, Aug 23, 2013 at 8:06 PM, Hill, Richard C <Richard.C.Hill@boeing.com> wrote:

As I mentioned on yesterday's TC call, it's starting to be become apparent that large companies and multi-agency government entities will need a standard way to distribute XACML policies (e.g. sync updates from a centralized policy repository point to PDPs). The XACML 3.0 specification, section 2.9 Policy distribution, leaves policy distribution implementation to XACML product companies. Understandably, these implementations may be fine tuned to work well with one company's XACML products, but may not with another company's XACML products. Additionally, it cannot be guaranteed that each org in a large company or all government agencies will use the same company's XACML products. I believe that without a standard approach to distribute, sync, etc, XACML policies it may become a barrier to XACML adoption.


Hal Lockhart stated, on the TC call, that he has started work on trying to standardize this in the past and has taken the action to revive this effort. I would like to help with this and I encourage other to participate as well.


Hal, Is there a link on the Wiki on your past policy distribution work?





David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]