


   Re: [xml-dev] XACML Research.


Chiusano Joseph wrote:
> Regarding the future of XACML:
> In the past there has been quite a bit of observation (justified, IMO)
> regarding overlaps in functionality between SAML and XACML, with regard
> to authorization decisions. In the SAML 2.0 Core Specification (OASIS
> Committee Draft[1], released 17-Aug-2004), it states on p.29 regarding
> the SAML Authorization Decision Statement:
> "Note: The <AuthzDecisionStatement> feature has been frozen as of SAML
> V2.0, with no future enhancements planned. Users who require additional
> functionality may want to consider the eXtensible Access Control Markup
> Language [XACML], which offers enhanced authorization decision
> features."
> This is clearly a great step toward helping ensure that the 2 standards
> do not evolve in an overlapping manner for this functionality. One may
> interpret this as meaning a brighter future for XACML.

I think you're right on here. There has been considerable effort in the 
XACML and SAML 2.0 processes to clearly define the relationship, and 
make sure we're not duplicating effort. In addition to specific changes 
to SAML 2.0, there is also an XACML Profile for SAML (which was just 
voted today to committee draft) which defines some specific elements of 
this relationship. I think this will make it even easier to use SAML and 
XACML as complementary technologies.

As an aside, I've been involved in several prototype experiments to use 
SAML and XACML together. With the 2.0 specifications coming down the 
pipeline, I'm looking forward to finally seeing standard implementations 
that will interoperate. If anyone is bored (heh) and looking for 
something to try building, I'd be happy to provide some pointers about 
how to get started on this...


