OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] US NIST 1800-3 ABAC

Hi John,

On 3/10/2015 6:21 AM, John Tolbert wrote:

NIST is releasing a practice guide for ABAC.  It features XACML prominently.  The call for comments is open until Dec. 4, 2015.  Perhaps we should discuss on our next call and determine if we have any collective comments for them.


I notice that SP 1800-3b treats ABAC and externalized authorization as synonymous
(see 3.2 and 5.4.5). XACML is about both, but it isn't necessarily so in general.
One can implement ABAC without externalized authorization and one can implement
externalized authorization without using ABAC.

Some of the claimed benefits of ABAC over RBAC are actually benefits of externalized
authorization over internal, per-application authorization.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]