OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  Possible clarification on XACML interop test

    Posted 02-28-2007 16:47
    I listened in to a Burton Group "telebriefing" this morning on Web 
    Access Management, and the analyst, Mark Diodati, referred to the XACML 
    interop event Burton is interested in sponsoring at the next Catalyst 
    conference.
    
    The analyst did not shed much light on what Burton (and its customers) 
    really want, but the emphasis seemed to be on support for XACML's 
    Request/Response formats rather than on support for XACML policies.
    
    In order to test interoperability of products with XACML 
    Request/Response formats, two things need to be tested.  First is 
    whether the product supports XACML's Request/Response formats at all 
    (Diodati did not distinguish between raw Request/Response versus 
    encapsulation using the SAML profile).  The second is whether the XACML 
    Request/Response format can convey the information required to evaluate 
    existing WAM policies, whether those policies are XACML policies or some 
    other existing format.   This seemed to be the analyst's primary concern.
    
    Design an XACML policy interoperability test requires testing the 
    various XACML policy capabilities.  Products that translate XACML 
    policies into their native policy format may be able to translate some 
    XACML policy functionality but not all.  Even products that use XACML as 
    their native format may not support all features.  This type of test 
    would need to be something like our Conformance tests, to see exactly 
    which features various products can handle, either directly or by 
    translation.  I think the problem of Attribute retrieval could be 
    finessed by specifying that all Attributes required to evaluate the 
    policies are supplied in the Request.
    
    Regards,
    Anne
    -- 
    Anne H. Anderson               Anne.Anderson@sun.com
    Sun Microsystems Labs          1-781-442-0928
    Burlington, MA USA
    
    


  • 2.  Re: [xacml] Possible clarification on XACML interop test

    Posted 02-28-2007 17:24
    Hi Anne,

    I am attaching the first draft of the interop doc I sent out to
    the interop mailing list a few days ago. It sounds like your
    input will help us establish a solid starting point. At the
    1st interop teleconf there appeared to be significant
    interest in policy interoperability as well. At this point
    the policy interoperability is very loosely defined - basically
    put your vendor created policy in a common repository.

    I have also attached the announcement for the interop
    mailing list from Dee Schur if you are interested in
    being added.

    Thanks,
    Rich

    Anne Anderson wrote:
    > I listened in to a Burton Group "telebriefing" this morning on Web
    > Access Management, and the analyst, Mark Diodati, referred to the
    > XACML interop event Burton is interested in sponsoring at the next
    > Catalyst conference.
    >
    > The analyst did not shed much light on what Burton (and its customers)
    > really want, but the emphasis seemed to be on support for XACML's
    > Request/Response formats rather than on support for XACML policies.
    >
    > In order to test interoperability of products with XACML
    > Request/Response formats, two things need to be tested. First is
    > whether the product supports XACML's Request/Response formats at all
    > (Diodati did not distinguish between raw Request/Response versus
    > encapsulation using the SAML profile). The second is whether the
    > XACML Request/Response format can convey the information required to
    > evaluate existing WAM policies, whether those policies are XACML
    > policies or some other existing format. This seemed to be the
    > analyst's primary concern.
    >
    > Design an XACML policy interoperability test requires testing the
    > various XACML policy capabilities. Products that translate XACML
    > policies into their native policy format may be able to translate some
    > XACML policy functionality but not all. Even products that use XACML
    > as their native format may not support all features. This type of
    > test would need to be something like our Conformance tests, to see
    > exactly which features various products can handle, either directly or
    > by translation. I think the problem of Attribute retrieval could be
    > finessed by specifying that all Attributes required to evaluate the
    > policies are supplied in the Request.
    >
    > Regards,
    > Anne
    To Interop Participants,

    As discussed at last week's Feb 13 Initial Concall for the XACML Interop
    event,
    I have prepared an initial draft of the Interop Scenarios document.

    This initial draft is intended to set the context for the Interop
    scenario planning
    and it currently only includes introductory text and a preliminary
    diagram describing
    what I believe was basically discussed at the Feb 13 Concall. The intent
    is that
    this will provide a basis for the next step of providing more detail
    about the 2 categories
    of scenarios (AZ decision, policy exchange) and the 3 components that
    will be the
    focus of interopability: PEP/CH, PDP, PAP.

    Any comments or suggestions will be appreciated, especially if there was
    anything
    left out from the Concall discussion, or if anything appears unclear or
    needs correction.

    Thanks,
    Rich

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: xacml-demo-tech-unsubscribe@lists.oasis-open.org
    For additional commands, e-mail: xacml-demo-tech-help@lists.oasis-open.orgHi Sekhar,
    Email: ssarukkai@securent.net
    Let me know if you receive this email? Does anyone else get a bounce?
    Thanks,

    Dee Schur
    Member Support
    www.oasis-open.org

    OASIS Symposium:
    "eBusiness and Open Standards:
    Understanding the Facts, Fiction, and Future"
    15-18 April 2007 San Diego, CA USA
    http://www.oasis-open.org/events/symposium/



    --
    No virus found in this outgoing message.
    Checked by AVG Free Edition.
    Version: 7.5.441 / Virus Database: 268.17.39/687 - Release Date: 2/14/2007
    4:17 PM



    ---------------------------------------------------------------------
    To unsubscribe, e-mail: xacml-demo-tech-unsubscribe@lists.oasis-open.org
    For additional commands, e-mail: xacml-demo-tech-help@lists.oasis-open.org