OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] XACML Research.

[ Lists Home | Date Index | Thread Index ]

Diego M. Gonzalez wrote:
> [...]
> [diegog] I think XACML can be used as a general-purpose but some
> semantics of the language assumes access control concepts. On the other
> hand, making it's scope too wide will impact in the language, and
> probably loosing compatibility with previous versions.

When people are using the term "general purpose" it means "general 
purpose access control language" (as opposed to an authorization 
language designed for a particular application or environment). So, yes, 
you're absolutely right that most of the semantics are designed for 
access control. There have been some profiles and proposals for 
supporting communication or ECA policy, but the core stays true to 
access control as the key use case.

> [diegog] If a similar language is developed for WS-Policy it will be
> great, because the difference between WS-Policy and XACML-like semantics
> are amazing. WS-Policy is a very limited language to define policies,
> specially when is compared to XACML semantics.

Absolutely. Specifically, WS-Policy is really about communication 
policy, or the requirements for two parties (like a client and a web 
service) to work together. XACML will help inform these policies, since 
communication criteria is often based on backing access control policy, 
but these are definately different kinds of questions being answered. 
The WSPL profile mentioned in a previous message is an attempt to 
profile XACML such that it also answers the kind of questions that 
WS-Policy is designed to handle, only with a more expressive set of 
semantics and some (in my opinion) stronger features. In general, I 
think it's a good thing that there are separate, complimentary policy 
language spaces like this. Conflating these into one language would, as 
you note above, have a detrimental impact on the languages.



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS