Re: [xacml-users] 答复: [xacml-users] NIST releases a new publication on ABAC comparing XACML and NGAC

[David Brossard <david.brossard@axiomatics.com>]

The download URL to the paper is http://csrc.nist.gov/publications/drafts/800-178/sp800_178_draft.pdf

Unfortunately I have not been able to find resources on NGAC. My understanding is that it's research that's been ongoing for the past 10 years at NIST.

Regarding encoding, there seems to be this misconception that XACML is XML. That is simply not true. XACML is a standard for access control based on policies and attributes. The encoding that is put forward by the XACML technical committee is indeed XML and the standard does use a schema as a formal means to express the standard. But that is the extent to which XML is used. XACML can be used for any type of access control and doesn't require XML knowledge or XML-based systems.

As a matter of fact, in the past two years, the standard has been focusing on developer-friendly and lightweight interfaces such as a REST interface for the PDP (work led by Remon Sinnema of EMC) and JSON encoding of a XACML request / response (work led by Axiomatics). It makes XACML 84% smaller. See these slides (http://www.slideshare.net/DavidBrossard/new-school-identity-protocols-fight-for-your-love-final) from the Gartner Catalyst 2013 conference.

Cheers,

David.