Subject: Re: [xacml] Publicizing XACML & ABAC

Sorry I missed the meeting today--seems like a good discussion. 

My dream for XACML is that I could write policies in common pseudo-code style: just if/then/else logic with a bit of paren to disambiguate. Something even a lawyer can use, is how I think of it.


On Thu, May 11, 2017 at 6:24 PM, David Brossard <david.brossard@axiomatics.com> wrote:

To follow up on today's call, here is what I have been doing to spread the good word on ABAC and XACML.

I've also been monitoring authorization-related questions on Stack Overflow as well as other Stack Exchange sites e.g. https://softwareengineering.stackexchange.com and https://security.stackexchange.com

There is still a long way to go. Most developers do not know how to implement authorization. At best they have heard of RBAC but often they'll try to implement it themselves rather than use a library.

There are a few things we could do:
  1. Continue increasing the knowledge base on ABAC online (pretty much what I have been doing)
  2. Collaborate with other entities e.g. OWASP, NIST, OASIS (the relevant TCs), other standards bodies e.g. SCIM, OAuth2... We could deliver a cheat sheet for OWASP.
  3. Take part in another XACML interop? Be at another security conference?
What else?


Martin F Smith, Principal
BFC Consulting, LLC
McLean, Va 22102
703 506-0159
703 389-3224 mobile
