XACML
eXtensible Access Control Markup Language
XML World 2001
17-19 September
San Francisco, CA
Simon Y. Blackwell
Chairperson, XACML Technical Committee OASIS
CTO, Psoom, Inc.
Simon Y. Blackwell, CTO
XACML
• An XML specification for the expression of access control policies that can:
  – Be applied to anything referenced from XML
  – Refer to the content of the target of control
  – Be based on request context variables
XACML Participants
• Authentify
• CrossLogix
• Entitlenet
• Entrust
• HP
• IBM
• Jamcracker
• Netegrity
• Oblix
• Psoom
• Reuters
• Tivoli
• University of Milan
• Verisign
Cross Committee Representation
• SAML
• ebXML
Why XACML?
• Promote Interoperability
• Ensure Uniformity
• Ease Development
• Control XML Fragments
Promote Interoperability
• Multiple vendor security solutions in one enterprise
• Shared policy in business partnerships
Ensure Uniformity
• Distributed, heterogeneous security systems with inconsistent policy
  – Multiple data base vendors
  – Custom applications
  – Firewalls
  – Operating systems
Ease Development
• Separate policy from applications
• Standard means for policy to refer to the content of its target and the context of a request
Control XML Fragments
• XML documents are frequently used to store information with different security needs
  – Health records
  – Contracts
Features
• Layered architecture, e.g.
  – Users -> Groups -> Roles
  – Targets -> Target Security Levels
  – Standard Rights -> User Defined Rights
• XPATH
• Provisional Actions
Demonstrations
• IBM XACL
• University of Milan XAS
• Others …
Schedule
• December 2001 Candidate Specification
• March 2002 v1.0 (grammar focus)
• TBD (processing and protocols)
Interim Work To Explore
• Standards Contributors
  – IBM XACL
    • http://alphaworks.ibm.com/tech/xmlsecuritysuite
  – University of Milan XAS
    • http://sansone.crema.unimi.it/~samarati/Papers/www9.pdf
  – CrossLogix (proprietary)
    • http://www.crosslogix.com
• Other work
  – http://www.xrml.org (digital rights management)
  – http://www.odrl.net
• Extensive Reference Information
  – http://www.oasis-open.org/committees/xacml/docs/docs.shtml
For More Information
http://www.xacml.org
Visit, Participate, Contribute