OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Planning the work of the TC

    Posted 07-27-2009 22:08
    
    
    
    
    
    As everyone is aware, Jan Herman and the OGC folks have proposed a lot of potential changes to the hierarchical and multi profiles. Separately from that, I recently posted two new submissions to the list.
     
    I suggest that we spend the next two meetings on overviews of the AZ API and AMF respectively. I would like to get everyone up to speed and thinking about them, and it will also be an opportunity to answer questions and provide additional information relating to them. Further, I am expecting Jan to join the TC soon and would like to hold off on his proposals until he can participate as a member.
     
    If no one has any objections, I propose that we spend the bulk of the next call letting Rich give an overview of the API. Then on Aug 13, I will go over the AMF.
     
    Any objections, questions, comments?
     
    Hal


  • 2.  RE: [xacml] Planning the work of the TC

    Posted 07-28-2009 12:38
    
    
    
    
    
    The AZ API is a good thing to work on.  It will make it easier for 3rd-party software vendors to make their products work with XACML.  We implemented a special-purpose version, so we'll review the submission for points of similarity and difference.
     
    If you're asking for other Big Things the TC could work on, I have a couple of suggestions:
     
    1. Revive the effort to map XACML policy language to a standard rule language.  There is an old document at http://www.oasis-open.org/committees/download.php/11929/access_control-xacml-3.0-generalization-spec-wd-03.doc.  With the imminent release of RIF (http://www.w3.org/2005/rules/wiki/RIF_Working_Group) it is a good time to consider the feasibility and benefits of standard mechanisms for 1- or 2-way mapping between XACML and RIF.
     
    2. Consider formalisms for linking XACML to RDF/OWL at both abstract and concrete levels.  I see at least 2 aspects:
        a. Produce a XACML ontology in RDF/OWL
        b. Standards or guidelines for mapping XACML attribute ids to RDF Properties
     
    The linkage to RDF/OWL would enable integration of XACML systems with enterprise ontologies, and allow use of web-wide standard ontologies for non-enterprise-specific attributes.  A SPARQL endpoint (or several) would be a particularly elegant implementation of a PIP.  This approach might answer some of the use cases addressed by the AMF proposal.
     
    --Paul

    From: Harold Lockhart [mailto:hal.lockhart@oracle.com]
    Sent: Monday, July 27, 2009 17:08
    To: xacml@lists.oasis-open.org
    Subject: [xacml] Planning the work of the TC

    As everyone is aware, Jan Herman and the OGC folks have proposed a lot of potential changes to the hierarchical and multi profiles. Separately from that, I recently posted two new submissions to the list.
     
    I suggest that we spend the next two meetings on overviews of the AZ API and AMF respectively. I would like to get everyone up to speed and thinking about them, and it will also be an opportunity to answer questions and provide additional information relating to them. Further, I am expecting Jan to join the TC soon and would like to hold off on his proposals until he can participate as a member.
     
    If no one has any objections, I propose that we spend the bulk of the next call letting Rich give an overview of the API. Then on Aug 13, I will go over the AMF.
     
    Any objections, questions, comments?  
     
    Hal  


  • 3.  Proposed new work items - was RE: [xacml] Planning the work of the TC

    Posted 07-28-2009 15:22
    
    
    
    
    
    I was really just trying to plan the agenda for the next 2 or 3 meetings, but new work items are always welcome as long as there are people willing to work on them. The best way to propose new work is to post to the list (as you have done) and to add new issues to the wiki (http://wiki.oasis-open.org/xacml/). Any Member (voting or not) can modify the wiki.
     
    With respect to the specific proposals, first speaking as co-chair:
     
    1. The work on the generalization of XACML was halted when it was pointed out that the TC's Charter specifically limits it to Access Control. This work could be taken up by a new TC, but so far no such proposal for a TC has been made to OASIS.
     
    I will comment as an individual in a separate email.
     
    Hal
