OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Standardization Status of Documents

Jan-- Can you give me a short bullet (20 words or less) in non-tech language explaining what use-case the Hierarchical Resource and Multiple-Decision Profiles address (i.e., why they should be nominated to the IDESG Registry.) Thanks!

This will be especially helpful if I can fit your bullets into one of the 4 catgeories specified by IDESG: 

Resilient and Secure
Interoperable, or
Cost-effective and easy to use. 

For example, here's how I've worked in some of the other Profiles: 
" Interoperable.—Profiles support use of the core XACMLv3 spec in conjunction with SAMLv2, JSON and REST. Other Profiles (IPC, EC-US) provide for semantic interoperability of authorization attributes as recommended in [IDESG Recommendation]  INTEROP-BP-C. RECOMMENDED TAXONOMY STANDARDS."

So far I've go nothing based on a Profile addressing "Privacy-enhancing" or "Resilient and Secure" though I am thinking XML Dig Sig Profile might be binned under "Resilient and Secure."  But you didn't mention that in Profile your priority list.

And we don't have to fill in all the categories--I'm just trying to make the strongest case possible. 



On Fri, Jul 1, 2016 at 3:44 AM, Herrmann, Jan <jan.herrmann@siemens.com> wrote:

Hi Martin, Hal,


based on the use cases I am dealing with, I would name the following profiles being the most active/important… ones in descending order:

1.     REST                        

2.     JSON                        

3.     RBAC  

4.     SAML

Followed with some gap by:

·         Hierarchical Resource      

·         Multiple Decision         


Another thought on XACML Profiles: Quite some time ago I read Hal`s paper on the relation of OAuth2 and XACML. Do you know of people using XACML within a OAuth ecosystem? Did the TC ever discuss if an OAUTH2 profile of XACML (or vice versa) makes sense? Here at Siemens OAuth based IAM solutions are rapidly spreading and some guidance how fine grained authorization with XACML can be married with token based authentication à la OAuth might help to solve use cases and also help XACML’s popularity/usage in practice.  


BR Jan


Siemens AG
Corporate Technology
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Tel.: +49 89 636-633675
Fax: +49 89 636-48000
Mobile: +49 173 3157961
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322





Von: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] Im Auftrag von Martin Smith
Gesendet: Donnerstag, 30. Juni 2016 23:15
An: Hal Lockhart
Betreff: Re: [xacml] Standardization Status of Documents


Hal-- I think your message below is what you mentioned in last call's discussion of which profiles we might want to submit for the IDESG Standards Registry. 


I'll put together a draft IDESG Nomination form bundling these together (but separately from the core v3 spec draft nomination I posted.) 


Recall that (at least according to Jamie, who is very familiar with the IDESG processes) OASIS Committee Specs should be eligible for the IDESG Standards Registry. But of course it can't hurt to have a Profile on track to OASIS Standard.  


And I do agree that it would be good to affirm implementations for JSON and REST (and SAML..?) One of the IDESG eval points is "interoperability" and being able to say XACML works with JSON and REST would be a talking point on that issue. 


So, are you thinking we should all the Profiles below in the nomination form for IDESG?  If not, can anyone suggest a "most relevant/important/active" subset?









Hierarchical Resource       

Multiple Decision          



Additional Combining Algs.   




Also another request for help. Given the available space on the Nomination Form and the limited review bandwidth available to the IDESG SCC, it would be GREAT to have 1-line bullets expressing the relevance/importance/target-use-case of each of the Profiles we include. (I can try to extract this myself from the Profile introductions, but I expect the authors of each Profile could summarize theirs better.) 









On Thu, May 26, 2016 at 10:41 AM, Hal Lockhart <hal.lockhart@oracle.com> wrote:

The following documents have reached OASIS Standard.








The TC does not plan to progress the following document past Committee Specification at the current time.


Administration & Delegation


The following documents have reached CS, but not yet received any Statements of Use.






I found SoU's against the following documents.


Hierarchical Resource         Axiomatics

Multiple Decision             Axiomatics

REST                          Axiomatics, EMC

JSON                          Axiomatics

Additional Combining Algs.    Axiomatics, EMC

Privacy                       ViewDS

RBAC                          ViewDS


Does anyone have any corrections or additions to the above?


Can we get some more SOU’s for REST & JSON? I believe these are the ones that people want to use. (Or are using.)






Martin F Smith, Principal

BFC Consulting, LLC

McLean, Va 22102

703 389-3224 mobile

Martin F Smith, Principal
BFC Consulting, LLC
McLean, Va 22102
703 506-0159
703 389-3224 mobile

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]