OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
Expand all | Collapse all

RE: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies

  • 1.  RE: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies

    Posted 12-20-2006 18:24
    The OASIS SOA-RM (Reference Model) has a concept called "service description"; another called "policy" and another called "contract."  In general, "service description" is visible; "policy" is "owned" by a service and is probably not completely visible (or maybe the visible part is published into the "service description".)  Contract is owned jointly by the participants in a transaction--presumably visible to them but probably not typically to others.
     
    At the level of abstraction of the RM, nothing is said about policy language or contract representation, and the details of what's in service description ("metadata") are TBD.
     
    All these areas might address some access-control policy issues, but of course they would include other issues as well--pricing, service levels, usage instructions, etc. 
     
    At some point, it might be good to do a cross-walk between the SOA-RM (and Reference Architecture, forthcoming) and XACML work (and SAML work while we're at it.) That might result in some "fit" that would give you logical slots for "WS-XACML."
    
    (OASIS SOA-RM TC home page: http://www.oasis-open.org/apps/org/workgroup/soa-rm/index.php 
    and on policy specifically: http://wiki.oasis-open.org/soa-rm/TheArchitecture/Policy )
     
    Martin
     
     
    Martin F. Smith
    Program Manager, Information Sharing & Identity Management
    DHS CIO Office
    202 447-3743 (New! as of 10/2006)
    202 441-9731 cell
     
    
    ________________________________
    
    From: xacml-return-119-martin.smith=dhs.gov@lists.oasis-open.org on behalf of Anne Anderson - Sun Microsystems
    Sent: Wed 12/20/2006 9:23 AM
    To: Rich Levinson
    Cc: xacml@lists.oasis-open.org
    Subject: Re: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies
    
    
    
    Hi Rich,
    
    The problem to me with having WS-XACML policies integrated with other
    policies is that it is not possible in general to extract an isolated
    


  • 2.  Re: [xacml] New Issue#61: WS-XACML: How are the contents ofXACMLAuthzAssertions represented in the base XACML Policies

    Posted 12-20-2006 20:12
    Hi Martin,
    
    I think a "cross-walk" would be helpful.  Can we get scheduling such a 
    joint discussion on the agenda for tomorrow?  Could we invite the SOA-RM 
    people to an XACML TC meeting in the near future?
    
    Regards,
    Anne
    
    Smith, Martin wrote On 12/20/06 13:23,:
    > The OASIS SOA-RM (Reference Model) has a concept called "service description"; another called "policy" and another called "contract."  In general, "service description" is visible; "policy" is "owned" by a service and is probably not completely visible (or maybe the visible part is published into the "service description".)  Contract is owned jointly by the participants in a transaction--presumably visible to them but probably not typically to others.
    >  
    > At the level of abstraction of the RM, nothing is said about policy language or contract representation, and the details of what's in service description ("metadata") are TBD.
    >  
    > All these areas might address some access-control policy issues, but of course they would include other issues as well--pricing, service levels, usage instructions, etc. 
    >  
    > At some point, it might be good to do a cross-walk between the SOA-RM (and Reference Architecture, forthcoming) and XACML work (and SAML work while we're at it.) That might result in some "fit" that would give you logical slots for "WS-XACML."
    > 
    > (OASIS SOA-RM TC home page: http://www.oasis-open.org/apps/org/workgroup/soa-rm/index.php 
    > and on policy specifically: http://wiki.oasis-open.org/soa-rm/TheArchitecture/Policy )
    >  
    > Martin
    >  
    >  
    > Martin F. Smith
    > Program Manager, Information Sharing & Identity Management
    > DHS CIO Office
    > 202 447-3743 (New! as of 10/2006)
    > 202 441-9731 cell
    >  
    > 
    > ________________________________
    > 
    > From: xacml-return-119-martin.smith=dhs.gov@lists.oasis-open.org on behalf of Anne Anderson - Sun Microsystems
    > Sent: Wed 12/20/2006 9:23 AM
    > To: Rich Levinson
    > Cc: xacml@lists.oasis-open.org
    > Subject: Re: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies
    > 
    > 
    > 
    > Hi Rich,
    > 
    > The problem to me with having WS-XACML policies integrated with other
    > policies is that it is not possible in general to extract an isolated
    >