OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] XACML Research.

[ Lists Home | Date Index | Thread Index ]

Hi Joe,

Agreed. XACML is indeed a general purpose policy language.

I heard that BAH is implementing some solution using XACML.
Can you throw me a light on how XACML is being used for your
purpose?

I would be glad to hear from others too on their thoughts about
XACML deployment.

Regards
Srilekha

Srilekha Mudumbai
 
Jericho Systems Corporation
Dallas, Texas
972-231-2000
 
The information contained in this e-mail and all attachments transmitted
with it is the Confidential and Proprietary information of Jericho
Systems, Corp.  If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution, copying, or other use of this message or
its attachments is strictly prohibited. If you have received this
message in error, please notify the sender immediately by replying to
this message and please delete it from your computer
	 

-----Original Message-----
From: Chiusano Joseph [mailto:chiusano_joseph@bah.com] 
Sent: Thursday, September 16, 2004 9:43 AM
To: sri@jerichosystems.com
Cc: 'Diego M. Gonzalez'; xml-dev@lists.xml.org
Subject: Re: [xml-dev] XACML Research.

Srilekha Mudumbai wrote:
> 
> My comment is that XACML stands unique in a way that it not only
> provides a rich language for expressing policies, but
> also provides a request/response language for exchanging
> policy decisions.
> 
> People had been talking about XACML in the past. They are now thinking
> about deploying it in web services security. 

Yes, but XACML has always been intended as a general-purpose (i.e. not
focused specifically on Web Services) access control policy language,
and my prediction is that it will remain as such into the future. The
XACML TC did produce a Web Services Policy Language (WSPL[1]) draft
about one year ago, but it has not advanced within the XACML TC due
(IMO) to the core focus of the TC.

I wouldn't be surprised to see an open standard for Web Services Policy
(access control and more) sometime within the next year, whether it
"branches off" of XACML or is a new committee altogether.

Kind Regards,
Joe Chiusano
Booz Allen Hamilton
Strategy and Technology Consultants to the World

[1]
http://www.oasis-open.org/committees/download.php/3661/draft-xacml-wspl-
04.pdf
> One of the real strengths
> of XACML lies in leveraging assertion and protocol mechanisms provided
> by SAML.
> As more and more people start implementing XACML solutions, the power
of
> XACML will be unleashed. But the transition to XACML will take
sometime.
> In my opinion, XACML is here to stay for a few solid years.
> 
> Regards
> Srilekha
> 
> Srilekha Mudumbai
> 
> Jericho Systems Corporation
> Dallas, Texas
> 972-231-2000
> 
> The information contained in this e-mail and all attachments
transmitted
> with it is the Confidential and Proprietary information of Jericho
> Systems, Corp.  If the reader of this message is not the intended
> recipient, or an employee or agent responsible for delivering this
> message to the intended recipient, you are hereby notified that any
> dissemination, distribution, copying, or other use of this message or
> its attachments is strictly prohibited. If you have received this
> message in error, please notify the sender immediately by replying to
> this message and please delete it from your computer
> 
> 
> -----Original Message-----
> From: Diego M. Gonzalez [mailto:diegog@lagash.com]
> Sent: Thursday, September 16, 2004 8:11 AM
> To: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] XACML Research.
> 
> My comment about future of XACML requires some clarification. I was
> writing about the long term future of XACML, of course semantic web
> technologies requires too much work to finish them and OWL-S is still
> under discussion.
> 
> I think it is very important related to the WebServices technologies
and
> standards. So I agree with Joseph in XACML brighter future.
> 
> Best regards,
> Diego Gonzalez
> Lagash Systems SA
> 
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Thursday, September 16, 2004 10:36 AM
> To: Diego M. Gonzalez
> Cc: xml-dev@lists.xml.org
> Subject: Re: [xml-dev] XACML Research.
> 
> Regarding the future of XACML:
> 
> In the past there has been quite a bit of observation (justified, IMO)
> regarding overlaps in functionality between SAML and XACML, with
regard
> to authorization decisions. In the SAML 2.0 Core Specification (OASIS
> Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
> the SAML Authorization Decision Statement:
> 
> "Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
> V2.0, with no future enhancements planned. Users who require
additional
> functionality may want to consider the eXtensible Access Control
Markup
> Language [XACML], which offers enhanced authorization decision
> features."
> 
> This is clearly a great step toward helping ensure that the 2
standards
> do not evolve in an overlapping manner for this functionality. One may
> interpret this as meaning a brighter future for XACML.
> 
> Kind Regards,
> Joe Chiusano
> Booz Allen Hamilton
> Strategy and Technology Consultants to the World
> 
> [1]
>
http://www.oasis-open.org/committees/download.php/8823/sstc-saml-2.0-cd-
> pdf-xsd.zip
> "Diego M. Gonzalez" wrote:
> >
> > I was working with XACML implementation in a .Net environment, and
it
> was interesting for us. We have implemented in an internal project for
> resource management (books, CDs, DVDs, projector, etc) and it was very
> interesting. Some of the limitations of XACML (support for
hierarchical
> resources requires too much configuration) were an issue, but we were
> able to solve them. Regarding the speed of development, every
applcation
> requires some kind AccessControl management and we were able to save
> that development time. Some other interesting points for XACML is that
a
> single language must be learned to define AccessControl policies for
any
> project.
> > My favourite feature of XACML is the how powerfull the language is,
> and of course very extensible (funtions, data types, combination
> algorithms, etc). It allows to express a wide range of rules with a
very
> simple language.
> >
> > About the future of XACML, I have my point of view, I think Semantic
> Web technologies are growing faster, specially for the rule definition
> ontologies like SWRL, RuleML, DAML, etc. Those new rule based
languages
> will make the "constraint definition markup languages" (like XACML or
> WS-Policy) to be based in the new rule definition technologies. CWM
[3]
> is a sample of Access Control defined with semantic web technologies.
> >
> > There are some advances in such direction [1], and [2].
> >
> > Hope this helps,
> >
> > Diego Gonzalez
> > Lagash Systems SA
> >
> > [1] http://ebiquity.umbc.edu/v2.1/get/a/publication/89.ppt
> > [2] http://rei.umbc.edu/
> > [3] http://www.w3.org/2000/10/swap/doc/cwm.html
> >
> > -----Original Message-----
> > From: Ñîºêΰ [mailto:yhw@cnic.cn]
> > Sent: Wednesday, September 15, 2004 10:13 PM
> > To: xml-dev@lists.xml.org
> > Subject: [xml-dev] XACML Research.
> >
> > Hi,i am currently an MSc student and doing my dissertation research
on
> The implement XACML on Grid System as a whole solution for users
Access
> control.
> > I wanted some information on where to find relevent information or
> link for the following:
> >
> > 1.The impact of XACML
> > -How it effects the Access-Control Technology?
> > -an example of such implementation
> >
> > 2. Next enterprise applications persistence J2EE based XML Access
> Control System or any other live implementation example and future
> perspectives.
> >
> > 3.XACML impact on the speed of development,scalability,portability
and
> other feature how it actually achieves it.Some social factors as well
> such as increased usability in terms of
> users,developers,administrators,managers and all the user groups.
> >
> > and finally FUTURE OF XACML
> >
> > I know theses are very specific questions bu any response to any of
> the above is much appreciated.
> >
> > sorry if any inconvenience caused.
> >
> > hope to hear soon
> >
> > Hongwei Yang
> >
> > -----------------------------------------------------------------
> > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> > initiative of OASIS <http://www.oasis-open.org>
> >
> > The list archives are at http://lists.xml.org/archives/xml-dev/
> >
> > To subscribe or unsubscribe from this list use the subscription
> > manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> --
> Kind Regards,
> Joseph Chiusano
> Associate
> Booz Allen Hamilton
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>

-- 
Kind Regards,
Joseph Chiusano
Associate
Booz Allen Hamilton






 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS