Subject: XACML 2.0 specification submitted for OASIS Standard
OASIS members:

The OASIS Extensible Access Control Markup Language (XACML) TC has submitted the set of documents collectively referred to as XACML 2.0, an approved Committee Draft, to be considered as an OASIS Standard. The TC's submission is attached below.

In accordance with the OASIS Technical Committee Process, the specification has already gone through a 30 day public review period. (http://lists.oasis-open.org/archives/tc-announce/200410/msg00002.html)

OASIS members now have until the 15th of January to familiarize themselves with the submission below. OASIS members should give their input on this question to the voting representative of their organization.

By the 16th of the month we will send out a Call For Vote to the voting representatives of the OASIS member organizations, who will have until the end of the month to cast their ballots on whether this Committee Draft should be approved as an OASIS Standard.

The normative TC Process for approval of Committee Drafts as OASIS Standards is found at http://www.oasis-open.org/committees/process.php#standard

Any statements related to the IPR of this specification are posted at http://www.oasis-open.org/committees/xacml/ipr.php

Mary P McRae
Manager of TC Administration, OASIS
email: mary.mcrae@oasis-open.org

-------------------------------

On December 9, 2004 the OASIS XACML TC voted to submit the set of documents collectively referred to as XACML 2.0 to be voted on as an OASIS Standard. We hereby provide the materials required by the OASIS TC process.

1. A formal specification that is a valid member of its type, together with appropriate documentation for the specification, both of which must be written using approved OASIS templates;

   The normative documents are available here:
   http://www.oasis-open.org/committees/download.php/10578/XACML-2.0-CD-NORMATIVE.zip

   The individual documents are:

   o Core Specification: eXtensible Access Control Markup Language (XACML) Version 2.0
     + Committee Draft 04, 6 December 2004
       # Specification Document: access_control-xacml-2_0-core-spec-cd-04.pdf
       # Policy Schema: access_control-xacml-2.0-policy-schema-cd-04.xsd
       # Context Schema: access_control-xacml-2.0-context-schema-cd-04.xsd

   o SAML 2.0 profile of XACML
     + Committee Draft 02, 11 November 2004
       # Specification Document: access_control-xacml-2.0-saml_profile-spec-cd-02.pdf
       # SAML 2.0 Assertion Extension Schema: access_control-xacml-2.0-saml-assertion-schema-cd-01.xsd
       # SAML 2.0 Protocol Extension Schema: access_control-xacml-2.0-saml-protocol-schema-cd-01.xsd

   o XML Digital Signature profile of XACML
     + Committee Draft 01, 11 November 2004
       # Specification Document: access_control-xacml-2.0-dsig_profile-spec-cd-01.pdf

   o Privacy policy profile of XACML
     + Committee Draft 01, 11 November 2004
       # Specification Document: access_control-xacml-2_0-privacy_profile-spec-cd-01.pdf

   o Hierarchical Resource profile of XACML
     + Committee Draft 01, 11 November 2004
       # Specification Document: access_control-xacml-2.0-hier_profile-spec-cd-01.pdf

   o Multiple Resource profile of XACML
     + Committee Draft 01, 11 November 2004
       # Specification Document: access_control-xacml-2.0-mult_profile-spec-cd-01.pdf

   o Core and Hierarchical Role Based Access Control (RBAC) profile of XACML, Version 2.0
     + Committee Draft 01, 11 November 2004
       # Specification Document: access_control-xacml-2.0-rbac_profile1-spec-cd-01.pdf

2. A clear English-language summary of the specification;

   The eXtensible Access Control Markup Language (XACML) is an XML vocabulary for expressing access control policies. Access control consists of deciding if a requested resource access should be allowed and enforcing that decision. Access control policies are the criteria for making access control decisions. The XACML core specification defines the syntax of the language and the rules for evaluating policies.

   XACML is designed to operate efficiently in large-scale environments, which are characterized by continuous change, and where the information used for access control purposes may be maintained by autonomous parties who do not closely coordinate their activities.

   XACML policies are able to make use of virtually any available information to make decisions, including specifically the identities and properties of any of the parties to the action, the properties and content of the resources to be acted on, the type of actions requested and environmental information such as the date and time or location of the request. XACML specifies an extensive set of Boolean and data manipulation operators for specifying policy evaluation.

   XACML allows for multiple policies to apply to a given access control decision and provides an extensible set of combining rules for resolving conflicting evaluation results. XACML also provides an extensible mechanism for specifying additional actions to be taken when access is granted or denied.

   XACML 1.0 became an OASIS Standard on February 18, 2003. New features in XACML 2.0 include a number of new profiles, described below, Combining Algorithm parameters, Policy versions as a part of the reference mechanism, macro capabilities, some new datatypes and functions and a variety of improvements to the syntax to ease implementation.

   XACML Profiles define capabilities that are specific to a particular environment or mode of use. XACML 2.0 contains the following Profiles:

   o Digital Signature - defines how XML Digital Signatures may be applied to XACML Policies

   o Multiple Resource - defines how access control decision requests can be made on more than one resource at a time

   o Hierarchical Resource - defines how access control policies and access control decision requests can be specified which apply to resources which are arranged in a hierarchy

   o Role Based Access Control (RBAC) - defines how XACML can be used to implement Role Based Access Control

   o Security Assertion Markup Language (SAML) - Extends elements of the SAML schema for policy retrieval, distributed decision requests, attaching of creation metadata to policies and attribute compatibility between SAML and XACML

   o Privacy - defines how XACML may be used to enforce privacy policies.

3. A statement regarding the relationship of this specification to similar work of other OASIS TCs or other standards developing organizations;

   As far as we are aware XACML is the only language being developed in a standards body which specifically addresses Access Control. We are aware of other efforts to develop policy languages for other purposes which may overlap to some degree with XACML.

4. Certification by at least three OASIS member organizations that they are successfully using the specification consistently with the OASIS IPR Policy;

   BEA Systems, Entrust and Gluecode have so certified.

   http://lists.oasis-open.org/archives/xacml/200411/msg00011.html
   http://lists.oasis-open.org/archives/xacml/200411/msg00012.html
   http://lists.oasis-open.org/archives/xacml/200412/msg00004.html

5. An account of each of the comments/issues raised during the public review period, along with its resolution;

   All the comments and responses are available in the archive (see #8 below). One comment was deemed a request for clarification and responded to on the list. All other comments were incorporated into the specifications.

6. An account of and results of the voting to approve the specification as a Committee Draft;

   The minutes of the meetings where Committee Draft votes were taken as noted above, are here:

   November 11, 2004 - http://lists.oasis-open.org/archives/xacml/200411/msg00017.html
   December 6, 2004 - http://lists.oasis-open.org/archives/xacml/200412/msg00005.html

   All votes were unanimous.

7. An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC's response to each comment;

   There were no prior attempts.

8. A pointer to the publicly visible comments archive for the originating TC;

   http://lists.oasis-open.org/archives/xacml-comment/

9. A statement from the chair of the TC certifying that all members of the TC have been provided with a copy of the OASIS IPR Policy; and

   This was done by email on November 9, 2004.
   http://lists.oasis-open.org/archives/xacml/200411/msg00007.html

10. Optionally, a pointer to any minority reports submitted by one or more TC members who did not vote in favor of approving the Committee Draft, or certification by the chair that no minority reports exist.

    All votes for Committee Draft were unanimous.

Hal Lockhart
Bill Parducci
Co-Chairs XACML TC