[
Lists Home |
Date Index |
Thread Index
]
Regarding the future of XACML:
In the past there has been quite a bit of observation (justified, IMO)
regarding overlaps in functionality between SAML and XACML, with regard
to authorization decisions. In the SAML 2.0 Core Specification (OASIS
Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
the SAML Authorization Decision Statement:
"Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
V2.0, with no future enhancements planned. Users who require additional
functionality may want to consider the eXtensible Access Control Markup
Language [XACML], which offers enhanced authorization decision
features."
This is clearly a great step toward helping ensure that the 2 standards
do not evolve in an overlapping manner for this functionality. One may
interpret this as meaning a brighter future for XACML.
Kind Regards,
Joe Chiusano
Booz Allen Hamilton
Strategy and Technology Consultants to the World
[1]
http://www.oasis-open.org/committees/download.php/8823/sstc-saml-2.0-cd-pdf-xsd.zip
"Diego M. Gonzalez" wrote:
>
> I was working with XACML implementation in a .Net environment, and it was interesting for us. We have implemented in an internal project for resource management (books, CDs, DVDs, projector, etc) and it was very interesting. Some of the limitations of XACML (support for hierarchical resources requires too much configuration) were an issue, but we were able to solve them. Regarding the speed of development, every applcation requires some kind AccessControl management and we were able to save that development time. Some other interesting points for XACML is that a single language must be learned to define AccessControl policies for any project.
> My favourite feature of XACML is the how powerfull the language is, and of course very extensible (funtions, data types, combination algorithms, etc). It allows to express a wide range of rules with a very simple language.
>
> About the future of XACML, I have my point of view, I think Semantic Web technologies are growing faster, specially for the rule definition ontologies like SWRL, RuleML, DAML, etc. Those new rule based languages will make the "constraint definition markup languages" (like XACML or WS-Policy) to be based in the new rule definition technologies. CWM [3] is a sample of Access Control defined with semantic web technologies.
>
> There are some advances in such direction [1], and [2].
>
> Hope this helps,
>
> Diego Gonzalez
> Lagash Systems SA
>
> [1] http://ebiquity.umbc.edu/v2.1/get/a/publication/89.ppt
> [2] http://rei.umbc.edu/
> [3] http://www.w3.org/2000/10/swap/doc/cwm.html
>
> -----Original Message-----
> From: Ñîºêΰ [mailto:yhw@cnic.cn]
> Sent: Wednesday, September 15, 2004 10:13 PM
> To: xml-dev@lists.xml.org
> Subject: [xml-dev] XACML Research.
>
> Hi,i am currently an MSc student and doing my dissertation research on The implement XACML on Grid System as a whole solution for users Access control.
> I wanted some information on where to find relevent information or link for the following:
>
> 1.The impact of XACML
> -How it effects the Access-Control Technology?
> -an example of such implementation
>
> 2. Next enterprise applications persistence J2EE based XML Access Control System or any other live implementation example and future perspectives.
>
> 3.XACML impact on the speed of development,scalability,portability and other feature how it actually achieves it.Some social factors as well such as increased usability in terms of users,developers,administrators,managers and all the user groups.
>
> and finally FUTURE OF XACML
>
> I know theses are very specific questions bu any response to any of the above is much appreciated.
>
> sorry if any inconvenience caused.
>
> hope to hear soon
>
> Hongwei Yang
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
--
Kind Regards,
Joseph Chiusano
Associate
Booz Allen Hamilton
|
