Subject: Re: [xacml] Suggested TC comment on NIST 1800-3
We briefly discussed making comments on the new NIST SP 1800-3. Here's the comment that seems most important to me, as it allows other vendors than those participating in the NCCOE configuration to show alignment with the NIST guidance. As it is, there is no guidance provided on how one might "swap" other products for one or more of the ones in the "reference architecture."

We will want to consider making other comments as well, but I wanted to get the ball rolling . . .

Martin

Draft

Martin Smith

Comment on NIST SP 1800-3: Attribute Based Access Control - Practice Guide

The OASIS XACML Technical Committee appreciates NIST's addition to the guidance available for implementers of advanced access-control capability.

We note and agree with the stated context of the guidance, i.e., "This example solution is made of many commercially available parts. You might swap one of the products we used for one that is better suited for your environment."

We suggest that the guidance would be significantly enhanced by addition of an architectural description that is not product-specific. Such a description should satisfy the functional objectives stated in the document, and show where standards are applicable at interfaces in the solution. Such an architecture would permit implementers to use the guidance to configure a variety of product-specific solutions, thus increasing the applicability and impact of NIST's work.

A depiction of the logical solution architecture would also be simpler and easier to understand than the product-specific configuration in the current draft, since it would not have to depict the interactions needed only for the specific solution described in the draft.