[
Lists Home |
Date Index |
Thread Index
]
Srilekha Mudumbai wrote:
>
> My comment is that XACML stands unique in a way that it not only
> provides a rich language for expressing policies, but
> also provides a request/response language for exchanging
> policy decisions.
>
> People had been talking about XACML in the past. They are now thinking
> about deploying it in web services security.
Yes, but XACML has always been intended as a general-purpose (i.e. not
focused specifically on Web Services) access control policy language,
and my prediction is that it will remain as such into the future. The
XACML TC did produce a Web Services Policy Language (WSPL[1]) draft
about one year ago, but it has not advanced within the XACML TC due
(IMO) to the core focus of the TC.
I wouldn't be surprised to see an open standard for Web Services Policy
(access control and more) sometime within the next year, whether it
"branches off" of XACML or is a new committee altogether.
Kind Regards,
Joe Chiusano
Booz Allen Hamilton
Strategy and Technology Consultants to the World
[1]
http://www.oasis-open.org/committees/download.php/3661/draft-xacml-wspl-04.pdf
> One of the real strengths
> of XACML lies in leveraging assertion and protocol mechanisms provided
> by SAML.
> As more and more people start implementing XACML solutions, the power of
> XACML will be unleashed. But the transition to XACML will take sometime.
> In my opinion, XACML is here to stay for a few solid years.
>
> Regards
> Srilekha
>
> Srilekha Mudumbai
>
> Jericho Systems Corporation
> Dallas, Texas
> 972-231-2000
>
> The information contained in this e-mail and all attachments transmitted
> with it is the Confidential and Proprietary information of Jericho
> Systems, Corp. If the reader of this message is not the intended
> recipient, or an employee or agent responsible for delivering this
> message to the intended recipient, you are hereby notified that any
> dissemination, distribution, copying, or other use of this message or
> its attachments is strictly prohibited. If you have received this
> message in error, please notify the sender immediately by replying to
> this message and please delete it from your computer
>
>
> -----Original Message-----
> From: Diego M. Gonzalez [mailto:diegog@lagash.com]
> Sent: Thursday, September 16, 2004 8:11 AM
> To: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] XACML Research.
>
> My comment about future of XACML requires some clarification. I was
> writing about the long term future of XACML, of course semantic web
> technologies requires too much work to finish them and OWL-S is still
> under discussion.
>
> I think it is very important related to the WebServices technologies and
> standards. So I agree with Joseph in XACML brighter future.
>
> Best regards,
> Diego Gonzalez
> Lagash Systems SA
>
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Thursday, September 16, 2004 10:36 AM
> To: Diego M. Gonzalez
> Cc: xml-dev@lists.xml.org
> Subject: Re: [xml-dev] XACML Research.
>
> Regarding the future of XACML:
>
> In the past there has been quite a bit of observation (justified, IMO)
> regarding overlaps in functionality between SAML and XACML, with regard
> to authorization decisions. In the SAML 2.0 Core Specification (OASIS
> Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
> the SAML Authorization Decision Statement:
>
> "Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
> V2.0, with no future enhancements planned. Users who require additional
> functionality may want to consider the eXtensible Access Control Markup
> Language [XACML], which offers enhanced authorization decision
> features."
>
> This is clearly a great step toward helping ensure that the 2 standards
> do not evolve in an overlapping manner for this functionality. One may
> interpret this as meaning a brighter future for XACML.
>
> Kind Regards,
> Joe Chiusano
> Booz Allen Hamilton
> Strategy and Technology Consultants to the World
>
> [1]
> http://www.oasis-open.org/committees/download.php/8823/sstc-saml-2.0-cd-
> pdf-xsd.zip
> "Diego M. Gonzalez" wrote:
> >
> > I was working with XACML implementation in a .Net environment, and it
> was interesting for us. We have implemented in an internal project for
> resource management (books, CDs, DVDs, projector, etc) and it was very
> interesting. Some of the limitations of XACML (support for hierarchical
> resources requires too much configuration) were an issue, but we were
> able to solve them. Regarding the speed of development, every applcation
> requires some kind AccessControl management and we were able to save
> that development time. Some other interesting points for XACML is that a
> single language must be learned to define AccessControl policies for any
> project.
> > My favourite feature of XACML is the how powerfull the language is,
> and of course very extensible (funtions, data types, combination
> algorithms, etc). It allows to express a wide range of rules with a very
> simple language.
> >
> > About the future of XACML, I have my point of view, I think Semantic
> Web technologies are growing faster, specially for the rule definition
> ontologies like SWRL, RuleML, DAML, etc. Those new rule based languages
> will make the "constraint definition markup languages" (like XACML or
> WS-Policy) to be based in the new rule definition technologies. CWM [3]
> is a sample of Access Control defined with semantic web technologies.
> >
> > There are some advances in such direction [1], and [2].
> >
> > Hope this helps,
> >
> > Diego Gonzalez
> > Lagash Systems SA
> >
> > [1] http://ebiquity.umbc.edu/v2.1/get/a/publication/89.ppt
> > [2] http://rei.umbc.edu/
> > [3] http://www.w3.org/2000/10/swap/doc/cwm.html
> >
> > -----Original Message-----
> > From: Ñîºêΰ [mailto:yhw@cnic.cn]
> > Sent: Wednesday, September 15, 2004 10:13 PM
> > To: xml-dev@lists.xml.org
> > Subject: [xml-dev] XACML Research.
> >
> > Hi,i am currently an MSc student and doing my dissertation research on
> The implement XACML on Grid System as a whole solution for users Access
> control.
> > I wanted some information on where to find relevent information or
> link for the following:
> >
> > 1.The impact of XACML
> > -How it effects the Access-Control Technology?
> > -an example of such implementation
> >
> > 2. Next enterprise applications persistence J2EE based XML Access
> Control System or any other live implementation example and future
> perspectives.
> >
> > 3.XACML impact on the speed of development,scalability,portability and
> other feature how it actually achieves it.Some social factors as well
> such as increased usability in terms of
> users,developers,administrators,managers and all the user groups.
> >
> > and finally FUTURE OF XACML
> >
> > I know theses are very specific questions bu any response to any of
> the above is much appreciated.
> >
> > sorry if any inconvenience caused.
> >
> > hope to hear soon
> >
> > Hongwei Yang
> >
> > -----------------------------------------------------------------
> > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> > initiative of OASIS <http://www.oasis-open.org>
> >
> > The list archives are at http://lists.xml.org/archives/xml-dev/
> >
> > To subscribe or unsubscribe from this list use the subscription
> > manager: <http://www.oasis-open.org/mlmanage/index.php>
>
> --
> Kind Regards,
> Joseph Chiusano
> Associate
> Booz Allen Hamilton
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
--
Kind Regards,
Joseph Chiusano
Associate
Booz Allen Hamilton
|