OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

XACML-based web services policy assertion language

  • 1.  XACML-based web services policy assertion language

    Posted 12-08-2005 16:06
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: XACML-based web services policy assertion language


    Colleagues,
    
    I'm sorry to post twice on this, but apparently some XACML members did
    not see the previous message and I was asked to post the information again.
    
    There is a public OASIS discussion list just starting at
    
      Post:      dipal-discuss@lists.oasis-open.org
      Subscribe: dipal-discuss-subscribe@lists.oasis-open.org
      Archives:  http://lists.oasis-open.org/archives/dipal-discuss/
    
    on the topic of starting up a new OASIS TC to try to standardize a web
    services policy assertion language.  Sun has offered a specification
    that uses XACML <Apply> elements as a possible starting point for such a
    language.
    
    Right now, under the best-known web services policy language frameworks,
    each policy Assertion is a new schema element, whose semantics are
    completely defined in the specification associated with the Assertion.
    This means there can be no standard policy processor that can match two
    Assertions or verify inputs against an Assertion; a policy processor
    MUST have an Assertion-specific processing module to handle each
    Assertion it supports.  This makes life very hard for service brokers,
    service compositors, service intermediaries, etc., which may need to
    match policies between two services, or do some policy verification, but
    may not have the Assertion-specific code modules for all the Assertions
    in the policies they handle.  XACML seems like such a good example of a
    standard language for expressing things like "Assertions", that requires
    no "domain-specific" modules, and a language like that would allow much
    more "domain-independent" processing of policies, greatly increasing
    interoperability.
    
    There is more information related to this concept, including slides, a
    white paper, and the "XACML-based Web Services Policy Assertion Language
    (WS-PolicyConstraints)" specification at
    
      http://research.sun.com/projects/xacml/
    
    I encourage you to subscribe to the list and participate in the
    discussion.  Just posting "I think this is a great idea" (or not :-)
    would be very helpful.
    
    Regards,
    Anne
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]