OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] XACML Research.

[ Lists Home | Date Index | Thread Index ]

inline

-----Original Message-----
From: Chiusano Joseph [mailto:chiusano_joseph@bah.com] 
Sent: Thursday, September 16, 2004 12:43 PM
To: sri@jerichosystems.com
Cc: Diego M. Gonzalez; xml-dev@lists.xml.org
Subject: Re: [xml-dev] XACML Research.

Srilekha Mudumbai wrote:
> 
> My comment is that XACML stands unique in a way that it not only
> provides a rich language for expressing policies, but
> also provides a request/response language for exchanging
> policy decisions.
> 
> People had been talking about XACML in the past. They are now thinking
> about deploying it in web services security. 

Yes, but XACML has always been intended as a general-purpose (i.e. not
focused specifically on Web Services) access control policy language,
and my prediction is that it will remain as such into the future. The
XACML TC did produce a Web Services Policy Language (WSPL[1]) draft
about one year ago, but it has not advanced within the XACML TC due
(IMO) to the core focus of the TC.


[diegog] I think XACML can be used as a general-purpose but some semantics of the language assumes access control concepts. On the other hand, making it's scope too wide will impact in the language, and probably loosing compatibility with previous versions.


I wouldn't be surprised to see an open standard for Web Services Policy
(access control and more) sometime within the next year, whether it
"branches off" of XACML or is a new committee altogether.


[diegog] If a similar language is developed for WS-Policy it will be great, because the difference between WS-Policy and XACML-like semantics are amazing. WS-Policy is a very limited language to define policies, specially when is compared to XACML semantics.


Kind Regards,
Joe Chiusano
Booz Allen Hamilton
Strategy and Technology Consultants to the World

[1]
http://www.oasis-open.org/committees/download.php/3661/draft-xacml-wspl-04.pdf
> One of the real strengths
> of XACML lies in leveraging assertion and protocol mechanisms provided
> by SAML.
> As more and more people start implementing XACML solutions, the power of
> XACML will be unleashed. But the transition to XACML will take sometime.
> In my opinion, XACML is here to stay for a few solid years.
> 
> Regards
> Srilekha
> 
> Srilekha Mudumbai
> 
> Jericho Systems Corporation
> Dallas, Texas
> 972-231-2000
> 
> The information contained in this e-mail and all attachments transmitted
> with it is the Confidential and Proprietary information of Jericho
> Systems, Corp.  If the reader of this message is not the intended
> recipient, or an employee or agent responsible for delivering this
> message to the intended recipient, you are hereby notified that any
> dissemination, distribution, copying, or other use of this message or
> its attachments is strictly prohibited. If you have received this
> message in error, please notify the sender immediately by replying to
> this message and please delete it from your computer
> 
> 
> -----Original Message-----
> From: Diego M. Gonzalez [mailto:diegog@lagash.com]
> Sent: Thursday, September 16, 2004 8:11 AM
> To: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] XACML Research.
> 
> My comment about future of XACML requires some clarification. I was
> writing about the long term future of XACML, of course semantic web
> technologies requires too much work to finish them and OWL-S is still
> under discussion.
> 
> I think it is very important related to the WebServices technologies and
> standards. So I agree with Joseph in XACML brighter future.
> 
> Best regards,
> Diego Gonzalez
> Lagash Systems SA
> 
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com]
> Sent: Thursday, September 16, 2004 10:36 AM
> To: Diego M. Gonzalez
> Cc: xml-dev@lists.xml.org
> Subject: Re: [xml-dev] XACML Research.
> 
> Regarding the future of XACML:
> 
> In the past there has been quite a bit of observation (justified, IMO)
> regarding overlaps in functionality between SAML and XACML, with regard
> to authorization decisions. In the SAML 2.0 Core Specification (OASIS
> Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
> the SAML Authorization Decision Statement:
> 
> "Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
> V2.0, with no future enhancements planned. Users who require additional
> functionality may want to consider the eXtensible Access Control Markup
> Language [XACML], which offers enhanced authorization decision
> features."
> 
> This is clearly a great step toward helping ensure that the 2 standards
> do not evolve in an overlapping manner for this functionality. One may
> interpret this as meaning a brighter future for XACML.
> 
> Kind Regards,
> Joe Chiusano
> Booz Allen Hamilton
> Strategy and Technology Consultants to the World
> 
> [1]
> http://www.oasis-open.org/committees/download.php/8823/sstc-saml-2.0-cd-
> pdf-xsd.zip
> "Diego M. Gonzalez" wrote:
> >
> > I was working with XACML implementation in a .Net environment, and it
> was interesting for us. We have implemented in an internal project for
> resource management (books, CDs, DVDs, projector, etc) and it was very
> interesting. Some of the limitations of XACML (support for hierarchical
> resources requires too much configuration) were an issue, but we were
> able to solve them. Regarding the speed of development, every applcation
> requires some kind AccessControl management and we were able to save
> that development time. Some other interesting points for XACML is that a
> single language must be learned to define AccessControl policies for any
> project.
> > My favourite feature of XACML is the how powerfull the language is,
> and of course very extensible (funtions, data types, combination
> algorithms, etc). It allows to express a wide range of rules with a very
> simple language.
> >
> > About the future of XACML, I have my point of view, I think Semantic
> Web technologies are growing faster, specially for the rule definition
> ontologies like SWRL, RuleML, DAML, etc. Those new rule based languages
> will make the "constraint definition markup languages" (like XACML or
> WS-Policy) to be based in the new rule definition technologies. CWM [3]
> is a sample of Access Control defined with semantic web technologies.
> >
> > There are some advances in such direction [1], and [2].
> >
> > Hope this helps,
> >
> > Diego Gonzalez
> > Lagash Systems SA
> >
> > [1] http://ebiquity.umbc.edu/v2.1/get/a/publication/89.ppt
> > [2] http://rei.umbc.edu/
> > [3] http://www.w3.org/2000/10/swap/doc/cwm.html
> >
> > -----Original Message-----
> > From: ΰ [mailto:yhw@cnic.cn]
> > Sent: Wednesday, September 15, 2004 10:13 PM
> > To: xml-dev@lists.xml.org
> > Subject: [xml-dev] XACML Research.
> >
> > Hi,i am currently an MSc student and doing my dissertation research on
> The implement XACML on Grid System as a whole solution for users Access
> control.
> > I wanted some information on where to find relevent information or
> link for the following:
> >
> > 1.The impact of XACML
> > -How it effects the Access-Control Technology?
> > -an example of such implementation
> >
> > 2. Next enterprise applications persistence J2EE based XML Access
> Control System or any other live implementation example and future
> perspectives.
> >
> > 3.XACML impact on the speed of development,scalability,portability and
> other feature how it actually achieves it.Some social factors as well
> such as increased usability in terms of
> users,developers,administrators,managers and all the user groups.
> >
> > and finally FUTURE OF XACML
> >
> > I know theses are very specific questions bu any response to any of
> the above is much appreciated.
> >
> > sorry if any inconvenience caused.
> >
> > hope to hear soon
> >
> > Hongwei Yang
> >
> > -----------------------------------------------------------------
> > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> > initiative of OASIS <http://www.oasis-open.org>
> >
> > The list archives are at http://lists.xml.org/archives/xml-dev/
> >
> > To subscribe or unsubscribe from this list use the subscription
> > manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> --
> Kind Regards,
> Joseph Chiusano
> Associate
> Booz Allen Hamilton
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://www.oasis-open.org/mlmanage/index.php>

-- 
Kind Regards,
Joseph Chiusano
Associate
Booz Allen Hamilton

-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
initiative of OASIS <http://www.oasis-open.org>

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager: <http://www.oasis-open.org/mlmanage/index.php>







 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS