[
Lists Home |
Date Index |
Thread Index
]
My comment is that XACML stands unique in a way that it not only
provides a rich language for expressing policies, but
also provides a request/response language for exchanging
policy decisions.
People had been talking about XACML in the past. They are now thinking
about deploying it in web services security. One of the real strengths
of XACML lies in leveraging assertion and protocol mechanisms provided
by SAML.
As more and more people start implementing XACML solutions, the power of
XACML will be unleashed. But the transition to XACML will take sometime.
In my opinion, XACML is here to stay for a few solid years.
Regards
Srilekha
Srilekha Mudumbai
Jericho Systems Corporation
Dallas, Texas
972-231-2000
The information contained in this e-mail and all attachments transmitted
with it is the Confidential and Proprietary information of Jericho
Systems, Corp. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution, copying, or other use of this message or
its attachments is strictly prohibited. If you have received this
message in error, please notify the sender immediately by replying to
this message and please delete it from your computer
-----Original Message-----
From: Diego M. Gonzalez [mailto:diegog@lagash.com]
Sent: Thursday, September 16, 2004 8:11 AM
To: xml-dev@lists.xml.org
Subject: RE: [xml-dev] XACML Research.
My comment about future of XACML requires some clarification. I was
writing about the long term future of XACML, of course semantic web
technologies requires too much work to finish them and OWL-S is still
under discussion.
I think it is very important related to the WebServices technologies and
standards. So I agree with Joseph in XACML brighter future.
Best regards,
Diego Gonzalez
Lagash Systems SA
-----Original Message-----
From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
Sent: Thursday, September 16, 2004 10:36 AM
To: Diego M. Gonzalez
Cc: xml-dev@lists.xml.org
Subject: Re: [xml-dev] XACML Research.
Regarding the future of XACML:
In the past there has been quite a bit of observation (justified, IMO)
regarding overlaps in functionality between SAML and XACML, with regard
to authorization decisions. In the SAML 2.0 Core Specification (OASIS
Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
the SAML Authorization Decision Statement:
"Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
V2.0, with no future enhancements planned. Users who require additional
functionality may want to consider the eXtensible Access Control Markup
Language [XACML], which offers enhanced authorization decision
features."
This is clearly a great step toward helping ensure that the 2 standards
do not evolve in an overlapping manner for this functionality. One may
interpret this as meaning a brighter future for XACML.
Kind Regards,
Joe Chiusano
Booz Allen Hamilton
Strategy and Technology Consultants to the World
[1]
http://www.oasis-open.org/committees/download.php/8823/sstc-saml-2.0-cd-
pdf-xsd.zip
"Diego M. Gonzalez" wrote:
>
> I was working with XACML implementation in a .Net environment, and it
was interesting for us. We have implemented in an internal project for
resource management (books, CDs, DVDs, projector, etc) and it was very
interesting. Some of the limitations of XACML (support for hierarchical
resources requires too much configuration) were an issue, but we were
able to solve them. Regarding the speed of development, every applcation
requires some kind AccessControl management and we were able to save
that development time. Some other interesting points for XACML is that a
single language must be learned to define AccessControl policies for any
project.
> My favourite feature of XACML is the how powerfull the language is,
and of course very extensible (funtions, data types, combination
algorithms, etc). It allows to express a wide range of rules with a very
simple language.
>
> About the future of XACML, I have my point of view, I think Semantic
Web technologies are growing faster, specially for the rule definition
ontologies like SWRL, RuleML, DAML, etc. Those new rule based languages
will make the "constraint definition markup languages" (like XACML or
WS-Policy) to be based in the new rule definition technologies. CWM [3]
is a sample of Access Control defined with semantic web technologies.
>
> There are some advances in such direction [1], and [2].
>
> Hope this helps,
>
> Diego Gonzalez
> Lagash Systems SA
>
> [1] http://ebiquity.umbc.edu/v2.1/get/a/publication/89.ppt
> [2] http://rei.umbc.edu/
> [3] http://www.w3.org/2000/10/swap/doc/cwm.html
>
> -----Original Message-----
> From: Ñîºêΰ [mailto:yhw@cnic.cn]
> Sent: Wednesday, September 15, 2004 10:13 PM
> To: xml-dev@lists.xml.org
> Subject: [xml-dev] XACML Research.
>
> Hi,i am currently an MSc student and doing my dissertation research on
The implement XACML on Grid System as a whole solution for users Access
control.
> I wanted some information on where to find relevent information or
link for the following:
>
> 1.The impact of XACML
> -How it effects the Access-Control Technology?
> -an example of such implementation
>
> 2. Next enterprise applications persistence J2EE based XML Access
Control System or any other live implementation example and future
perspectives.
>
> 3.XACML impact on the speed of development,scalability,portability and
other feature how it actually achieves it.Some social factors as well
such as increased usability in terms of
users,developers,administrators,managers and all the user groups.
>
> and finally FUTURE OF XACML
>
> I know theses are very specific questions bu any response to any of
the above is much appreciated.
>
> sorry if any inconvenience caused.
>
> hope to hear soon
>
> Hongwei Yang
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
--
Kind Regards,
Joseph Chiusano
Associate
Booz Allen Hamilton
-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
initiative of OASIS <http://www.oasis-open.org>
The list archives are at http://lists.xml.org/archives/xml-dev/
To subscribe or unsubscribe from this list use the subscription
manager: <http://www.oasis-open.org/mlmanage/index.php>
-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
initiative of OASIS <http://www.oasis-open.org>
The list archives are at http://lists.xml.org/archives/xml-dev/
To subscribe or unsubscribe from this list use the subscription
manager: <http://www.oasis-open.org/mlmanage/index.php>
|