OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  RE: [xacml] Planning the work of the TC

    Posted 07-28-2009 13:37
    Paul/Hal -- Not sure my message will get to the list as I am an observer, but I do have some requests for the group to consider. Please relay to the group if they seem reasonable to you . . .
     
    Support for inspection of target metadata and/or actual query results during rule processing;
     
    Don't know how to put this exactly, but some consideration of how the target resource is characterized.  From what I have seen.some big rule sets are bug because they try to include specifc rules per target URL, vs. rules aimed at more general metadata characterizing the legal or policy nature of the target. This is probably mostly out of scope for this TC, but someone has to address it.  We have developed a largish ruleset (in pseudocode) that expresses the Privacy Act and other laws/regs applicable to info handling in our (homeland-security) space, which may illustrate the problem.
     
    (Did anything get organized in the way of an informal meeting at Burton Catalyst in this week?  I am headed out there today and would like to participate if possible.)
     
    Thanks,
     
    martin
     
    
    Martin F. Smith
    Branch Chief, National Security Systems
    DHS/I&A/IM 
    202 447-3743 desk
    202 441-9731 cell
    888 272-3610 pager
    
    ________________________________
    
    From: xacml-return-1458-martin.smith=dhs.gov@lists.oasis-open.org on behalf of Tyson, Paul H
    Sent: Tue 7/28/2009 8:37 AM
    To: Harold Lockhart; xacml@lists.oasis-open.org
    Subject: RE: [xacml] Planning the work of the TC
    
    
    The AZ API is a good thing to work on.  It will make it easier for 3rd-party software vendors to make their products work with XACML.  We implemented a special-purpose version, so we'll review the submission for points of similarity and difference.
     
    If you're asking for other Big Things the TC could work on, I have a couple of suggestions:
     
    1. Revive the effort to map XACML policy language to a standard rule language.  There is an old document at http://www.oasis-open.org/committees/download.php/11929/access_control-xacml-3.0-generalization-spec-wd-03.doc 


  • 2.  RE: [xacml] Planning the work of the TC

    Posted 07-28-2009 15:41
    Martin,
    
    You are in fact a member of the TC and therefore can post and otherwise contribute. I have verified that your message was posted to the XACML list.
    
    I will repeat the suggestion I made to Paul, add an issue to the wiki. http://wiki.oasis-open.org/xacml/
    
    We are always interested in policy requirements and examples or real world policies. I think most would agree that creating XACML policies at the moment is at least as much art as science. To some extent the xacml-users mailing list is intended to be a forum for discussion of issues relating to policy design. (Like the xacml-dev list, xacml-users is open to anyone in the world, not just OASIS members.)
    
    Regarding Catalyst, there was a workshop yesterday, of which the first half was devoted to XACML. I am not aware of any other planned meeting. However I do know that Prateek Mishra of Oracle and John Tolbert of Boeing (along with a number of other Boeing people) are out there. I suggest you try to connect with them informally.
    
    Hal