Here is the version that we worked on in the con-call.
The scope part and beyond are still under work.
-Suresh
----------------------------------------------------------------------------
-
Product of TC
XACML TC will define a core XML schema for representing authorization and
entitlement policies, also called XACML.
Policy Target
The target of a policy (hereafter referred to as "target") can be any object
that can be referenced using XML.
Protocols and bindings
XACML TC will identify bindings
to existing protocols (e.g., XPath, LDAP), and define new protocols, if
necessary, as means of accessing and communicating the policies.
Scope
XACML is expected to address fine grained control of authorized activities,
the effect of characteristics of the access requestor, the protocol over
which the request is made, authorization based on classes of activities, and
content introspection (i.e. authorization based on both the requestor and
potentially attribute values within the target where the values of the
attributes may not be known to the policy writer). XACML is also expected to
suggest a policy authorization model to guide implementers of the
authorization mechanism.
Extensibility
XACML core schema is extensible for as yet unknown features
Interoperability
XACML TC will define interoperability of XACML core schema
with other standards
-----------------------------------------------------www.stercomm.com-------
------------------------------------------------------
Suresh Damodaran, Ph.D. Sterling Commerce, a
SBC Company
Senior Software Architect 750 W. John
Carpenter Freeway
469-524-2676 (O) Irving, TX
75039-2505