OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comment on NIST SP 1800-3b from the OASIS XACML TC

The OASIS XACML Technical Committee welcomes NIST's draft SP 1800-3 Attribute Based Access Control - Practice Guide as an addition to the guidance available for implementers of advanced access-control capability.

This is a comment [representing the consensus view of the Technical Committee] on the SP 1800-3b document (Approach, Architecture, and Security Characteristics), which states it is "intended for individuals responsible for implementing IT security solutions."

We note and agree with the stated context of the guidance, i.e., "This example solution is made of many commercially available parts. You might swap one of the products we used for one that is better suited for your environment."

We suggest that the guidance would be significantly enhanced by addition of an architectural description or depiction that is not product-specific. Such a logical solution architecture, indicating the componentization, interfaces and applicable standards, would permit implementers to use the guidance to configure a variety of product-specific solutions, thus increasing the applicability and impact of NIST's work.

A depiction of the logical solution architecture would also be simpler and easier to understand than the product-specific configuration in the current draft, since it would not have to depict the interactions needed only for the specific solution described in the draft.  

We suggest that the High-Level Architecture included in the NCCOE's ABAC Building Block V2, of April 1, 2015, would serve this purpose.  This logical ABAC architecture depiction would provide a clear transition between the Practice Guide's Overview of "demonstrable capabilities" (functional requirements) in Section 5.1 of the draft SP 1800b and the product-specific ABAC Build 1 Architecture currently depicted in Section 5.2. 

We appreciate this opportunity to comment and look forward to publication of the final version of the Practice Guide.

Hal Lockhart
Bill Parducci
Co-chairs OASIS XACML Technical Committee

P.S. We have attached the same comment in the spreadsheet provided by NIST, but it appears to be unreadable, thus we are providing a copy in plain text also.

Attachment: Copy of ABAC External Comments Worksheet Template-1.xls
Description: MS-Excel spreadsheet

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]