OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Feedback: My presentation at CSI Annual 2007 this week

    Posted 11-08-2007 16:02
    Hi all,
      I had a presentation at the Computer Security Institute (CSI) Annual 
    Conference 2007 in Washington DC on Tuesday (Nov.6). [1]
    
    Title: *Robust Web-Based Security Using OASIS SAML and XACML*
    
    There were a lot of curious folks out there who wanted to learn more 
    about SAML 2 and XACML 2.
    
    There were some folks who were confused with the role of SAML2 in XACML2 
    and whether there was a dependence on SAML2 for XACML. Plus can SAML2 do 
    its own authorization etc.  I think we have to do a better job at 
    educating folks about these questions (I know the answers and have told 
    the attendees).
    
    Regards,
    Anil
    
    [1] https://www.cmpevents.com/CSI34/a.asp?option=C&V=11&SessID=5757
    
    -- 
    Anil Saldhana
    Project/Technical Lead,
    JBoss Security & Identity Management
    JBoss, A division of Red Hat Inc.
    http://labs.jboss.com/portal/jbosssecurity/
    
    


  • 2.  Re: [xacml] Feedback: My presentation at CSI Annual 2007 this week

    Posted 11-08-2007 16:28
    I also want to mention that there was a presentation from Abbie (cannot 
    remember 2005 or 2006) that basically answered the confusion about SAML2 
    and XACML2, that I found online (did not use the material in my 
    presentation as I saw it after I delivered).
    
    This is the reason why I felt the need for a Focus Area for XACML (just 
    like the one being done for SAML) that can group together presentations, 
    articles etc.
    
    Anil Saldhana wrote:
    > Hi all,
    >  I had a presentation at the Computer Security Institute (CSI) Annual 
    > Conference 2007 in Washington DC on Tuesday (Nov.6). [1]
    >
    > Title: *Robust Web-Based Security Using OASIS SAML and XACML*
    >
    > There were a lot of curious folks out there who wanted to learn more 
    > about SAML 2 and XACML 2.
    >
    > There were some folks who were confused with the role of SAML2 in 
    > XACML2 and whether there was a dependence on SAML2 for XACML. Plus can 
    > SAML2 do its own authorization etc.  I think we have to do a better 
    > job at educating folks about these questions (I know the answers and 
    > have told the attendees).
    >
    > Regards,
    > Anil
    >
    > [1] https://www.cmpevents.com/CSI34/a.asp?option=C&V=11&SessID=5757
    -- 
    Anil Saldhana
    Project/Technical Lead,
    JBoss Security & Identity Management
    JBoss, A division of Red Hat Inc.
    http://labs.jboss.com/portal/jbosssecurity/
    
    


  • 3.  Re: [xacml] Feedback: My presentation at CSI Annual 2007 this week

    Posted 11-08-2007 17:51
    Anil,
    
    We should consider the creation of a XACML primer, along the lines of 
    the SAML technical overview. Be warned that it's a large task - it has 
    literally taken a core group of 2-3 talented people more than a couple 
    of years to get the SAML document to where it is today.
    
    Here is a link to the SAML work:
    
    http://www.oasis-open.org/apps/org/workgroup/security/download.php/23922/sstc-saml-tech-overview-2.0-cd-01.zip
    
    We would be ready to help but we need commitments from others as well.
    
    - prateek
    
    > I also want to mention that there was a presentation from Abbie 
    > (cannot remember 2005 or 2006) that basically answered the confusion 
    > about SAML2 and XACML2, that I found online (did not use the material 
    > in my presentation as I saw it after I delivered).
    >
    > This is the reason why I felt the need for a Focus Area for XACML 
    > (just like the one being done for SAML) that can group together 
    > presentations, articles etc.
    >
    > Anil Saldhana wrote:
    >> Hi all,
    >>  I had a presentation at the Computer Security Institute (CSI) Annual 
    >> Conference 2007 in Washington DC on Tuesday (Nov.6). [1]
    >>
    >> Title: *Robust Web-Based Security Using OASIS SAML and XACML*
    >>
    >> There were a lot of curious folks out there who wanted to learn more 
    >> about SAML 2 and XACML 2.
    >>
    >> There were some folks who were confused with the role of SAML2 in 
    >> XACML2 and whether there was a dependence on SAML2 for XACML. Plus 
    >> can SAML2 do its own authorization etc.  I think we have to do a 
    >> better job at educating folks about these questions (I know the 
    >> answers and have told the attendees).
    >>
    >> Regards,
    >> Anil
    >>
    >> [1] https://www.cmpevents.com/CSI34/a.asp?option=C&V=11&SessID=5757