OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

RE: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies

  • 1.  RE: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies

    Posted 12-20-2006 21:25
    Anne -- 
     
    I am just an "observer" in the SOA-RM TC. Which is why I cc'd Frank McCabe, who is Secretary of the TC.  I think he might be the right person with whom make TC-2-TC arrangements.
     
    I will be happy to assist as I'm able.
     
    Thanks,
     
    Martin
     
    Martin F. Smith
    Program Manager, Information Sharing & Identity Management
    DHS CIO Office
    202 447-3743 (New! as of 10/2006)
    202 441-9731 cell
     
    
    ________________________________
    
    From: Anne Anderson - Sun Microsystems [mailto:Anne.Anderson@sun.com]
    Sent: Wed 12/20/2006 3:11 PM
    To: Smith, Martin
    Cc: xacml@lists.oasis-open.org; frankmccabe@mac.com
    Subject: Re: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies
    
    
    
    Hi Martin,
    
    I think a "cross-walk" would be helpful.  Can we get scheduling such a
    joint discussion on the agenda for tomorrow?  Could we invite the SOA-RM
    people to an XACML TC meeting in the near future?
    
    Regards,
    Anne
    
    Smith, Martin wrote On 12/20/06 13:23,:
    > The OASIS SOA-RM (Reference Model) has a concept called "service description"; another called "policy" and another called "contract."  In general, "service description" is visible; "policy" is "owned" by a service and is probably not completely visible (or maybe the visible part is published into the "service description".)  Contract is owned jointly by the participants in a transaction--presumably visible to them but probably not typically to others.
    > 
    > At the level of abstraction of the RM, nothing is said about policy language or contract representation, and the details of what's in service description ("metadata") are TBD.
    > 
    > All these areas might address some access-control policy issues, but of course they would include other issues as well--pricing, service levels, usage instructions, etc.
    > 
    > At some point, it might be good to do a cross-walk between the SOA-RM (and Reference Architecture, forthcoming) and XACML work (and SAML work while we're at it.) That might result in some "fit" that would give you logical slots for "WS-XACML."
    >
    > (OASIS SOA-RM TC home page: http://www.oasis-open.org/apps/org/workgroup/soa-rm/index.php
    > and on policy specifically: http://wiki.oasis-open.org/soa-rm/TheArchitecture/Policy )
    > 
    > Martin
    > 
    > 
    > Martin F. Smith
    > Program Manager, Information Sharing & Identity Management
    > DHS CIO Office
    > 202 447-3743 (New! as of 10/2006)
    > 202 441-9731 cell
    > 
    >
    > ________________________________
    >
    > From: xacml-return-119-martin.smith=dhs.gov@lists.oasis-open.org on behalf of Anne Anderson - Sun Microsystems
    > Sent: Wed 12/20/2006 9:23 AM
    > To: Rich Levinson
    > Cc: xacml@lists.oasis-open.org
    > Subject: Re: [xacml] New Issue#61: WS-XACML: How are the contents of XACMLAuthzAssertions represented in the base XACML Policies
    >
    >
    >
    > Hi Rich,
    >
    > The problem to me with having WS-XACML policies integrated with other
    > policies is that it is not possible in general to extract an isolated
    >