OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Publicizing XACML & ABAC


To follow up on today's call, here is what I have been doing to spread the good word on ABAC and XACML.

I've also been monitoring authorization-related questions on Stackoverflow as well as other Stack Exchange sites e.g. https://softwareengineering.stackexchange.com and https://security.stackexchange.com

There is still a long way to go. Most developers do not know how to implement authorization. At best they have heard of RBAC but often they'll try to implement it themselves rather than use a library.

There are a few things we could do:
  1. Continue increasing the knowledge base on ABAC online (pretty much what I have been doing)
  2. Collaborate with other entities e.g. OWASP, NIST, OASIS (the relevant TCs), other standards bodies e.g. SCIM, OAuth2... We could deliver a cheat sheet for OWASP.
  3. Take part in another XACML interop? Be at another security conference?
What else?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]