OASIS XACML InterOp Demo 2008
OASIS XACML InterOp Demo
7-11 April 2008
RSA Conference 2008
San Francisco, California, USA
The eXtensible Access Control Markup Language (XACML) 2.0 OASIS Standard has emerged as a front runner in solving complex access control problems in the enterprise. Unlike the approach taken by proprietary access control lists (ACL), XACML is an industry accepted standard that provides a well defined structure to create rules and policy sets to make complex authorization decisions. Enterprise practitioners have wished for greater interoperability between products that support the XACML OASIS Standard.
At the RSA Conference 2008 in San Francisco, April 7-11, nine organizations will come together to demonstrate interoperability of the eXtensible Access Control Markup Language (XACML) 2.0 OASIS Standard. Simulating a real world scenario provided by the U.S Department of Veterans Affairs; the demo will show how XACML ensures successful authorization decision requests and the exchange of authorization policies. Participants include:
- BEA Systems
- Red Hat
- Sun Microsystems
- U.S. Department of Veterans Affairs
The Interoperability Demonstration will utilize the requirements drawn in the Healthcare industry based on work done at the U.S. Department of Veterans Affairs, HL7, ASTM and ANSI. The requirements include Role-Based Access Control (RBAC), Privacy Protections, Structured and Functional Roles, Consent Codes, Emergency Overrides and Filtering of Sensitive Data. The demonstration will highlight how XACML Obligations can provide additional capabilities in the policy decision making process, while taking the health care scenarios as example. Technical details of the demonstration, including Interoperability Configuration, Policy Decision Request and Policy Interoperability, Roles and Privileges Modeling, Usage of XACML Obligations and SAML Identity Providers will be highlighted.
The demonstration will occur in Booths 132-136 beginning April 7, 2008 during Expo hours. There will be an opportunity for the RSA 2008 attendees to interact with the participating technologists.