Table of Contents
Announcements
XACML 2.0 InterOp at RSA Conference 2008
OASIS conducted the
Second XACML 2.0 Interop at the
RSA Conference 2008
from April 7th - 10th, 2008. Nine members of the OASIS open standards consortium, in cooperation with the Health Information Technologies Standards Panel (HITSP), demonstrated interoperability of the eXtensible Access Control Markup Language (XACML) version 2.0. Simulating a real world scenario provided by the U.S. Department of Veterans Affairs, the demo showed how XACML ensures successful authorization decision requests and the exchange of authorization policies.Further details below in the XACML Interop section.
XACML TC Meetings The XACML TC conference call number is 512-225-3050. The
conference call code is 65998#. The XACML TC would like to thank
Authentify, Inc. for sponsoring our TC conference calls since
2001.
Overview The XACML Technical Committee will define a core XML schema for representing authorization and entitlement policies, also called XACML. For more information, see the TC Charter and FAQ
Technical Work Produced by the Committee
=============================== XACML 2.0 Specification Set: XACML 2.0 and all the associated profiles were approved as OASIS Standards on 1 February 2005.
- NORMATIVE XACML 2.0 documents
- ALL XACML 2.0 documents (includes separate example files and non-normative document formats)
- Individual XACML 2.0 documents:
- XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0
- Core and hierarchical role based access control (RBAC) profile of XACML v2.0
- Hierarchical resource profile of XACML v2.0
- Multiple resource profile of XACML v2.0
- Privacy policy profile of XACML v2.0
- SAML 2.0 profile of XACML v2.0 (see errata below for corrected version of spec and schemas)
- XML Digital Signature profile of XACML v2.0
- XACML 2.0 Errata: These are non-normative documents that contain TC-approved corrections for errors found in the specifications above.
- XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0
- SAML 2.0 profile of XACML v2.0
,
=============================== XACML 1.1 Specification Set:
- Core Specification: eXtensible Access Control Markup Language (XACML) Version 1.1
- Committee Draft 01, 24 July 2003
=============================== XACML 1.0 Specification Set:
- Core Specification: eXtensible Access Control Markup Language (XACML) Version 1.0
- OASIS Standard 1.0, 18 February 2003 OASIS Standard as of 6 Feb. 2003
- XACML Profile for Role Based Access Control (RBAC) Version 1.0:
- Committee Draft 01, 13 February 2004
- Other Documents (non-normative)
=============================== Work in progress: The following working drafts and submissions represent XACML TC work in progress.
- XACML 3.0 Issues List
- Specifications currently under review
- XACML 3.0 RBAC profile, WD 1, 4 Dec 2007:
- XACML 3.0 Hierarchical, Multiple, Privacy, and Dsig profiles (all WD 1), 18 Nov 2007:
- XACML 3.0 Core Specification, WD 6, 18 May 2008:
- XACML 3.0 Administration and Delegation Profile, WD 19, 10 Oct 2007:
- SAML 2.0 Profile of XACML, Version 2
- Web services policy and XACML
- Obligation Families model under consideration
- XACML v3.0 improved generality Working Draft 03, 17 March 2005
The following work items are not on a standards track
The following work items are not currently under active development or discussion, but have not officially been withdrawn.
Expository Work Produced by the Committee
=============================== Interops: The following is a brief description of the XACML Interops that have been conducted under the guidance of the XACML Technical Committee.
Second XACML 2.0 InterOp at RSA Conference 2008
OASIS conducted the Second XACML 2.0 Interop at the
RSA Conference 2008 from April 7th - 10th, 2008. Nine organizations participated, which included eight vendor companies that demonstrated interoperability between their PDPs and an "embedded vendor PEP SDK" customized by U.S. Department of Veterans Affairs (VA) to demonstrate the use of XACML within the VA HL7 healthcare application infrastructure to support healthcare scenarios standardized using HL7 vocabulary detailed in the RSA Conference 2008 XACML 2.0 Healthcare Interop scenarios document collection.
First XACML 2.0 InterOp at Catalyst 2007
OASIS conducted the First XACML 2.0 Interop at the Catalyst Conference
on June 28th, 2007. Several companies participated and demonstrated the use of XACML to solve business problems by implementing a set of interop scenarios.
External Resources
The following is a frequently updated listing of external papers, presentations, related standards, publicly announced products and deployments that use XACML in a significant way. It also includes XACML Attribute identifiers defined in documents other than core XACML. This list is maintained by the XACML TC.
XACML References
The following articles, while not produced by the XACML TC, provide additional insight into its work
XACML 2.0 Access Control Markup Language Approved as OASIS Standard OASIS News, 2 Mar 2005 OASIS Extensible Access Control Markup Language TC Approves XACML 2.0 Specifications CoverPages, 5 Oct 2004 "Extensible Access Control Markup Language (XACML)" Cover Pages, 23 March 2004
"Draft XACML Profile for Web-Services Addresses Web Services Policy Expression" Cover Pages, 30 Sept 2003 "XACML XML DSig Profile Supports Authentication of XACML Schema Instances" Cover Pages, 28 March 2003
"Sun Microsystems Releases Open Source XACML Implementation for Access Control and Security" Cover Pages, 18 Feb 2003 OASIS XACML Announcement OASIS News, 24 April 2001 Public Review for OASIS Extensible Access Control Markup Language (XACML) Specification Cover Pages, 8 Nov 2002
Mailing Lists and Comments
xacml: the list used by TC members to conduct Committee work.
TC membership required to post.
TC members are automatically subscribed; the public may view
archives.*
xacml-comment: a public mail list for providing input to the OASIS XACML Technical Committee members. Send a
comment or view archives.*
xacml-dev: an unmoderated, public mail list that provides an open forum for developers of XACML policy evaluation engine implementations or supporting components and tools to exchange ideas and information on implementing the XACML OASIS Standard.
Subscribe or view archives.*
xacml-users: an unmoderated, public mail list that provides an open forum for users of XACML to exchange ideas and information on expressing policies using the XACML OASIS language.
Subscribe or view archives.*
xacml-demo-tech: a mailing list restricted to XACML TC members interested in technical aspects of an interoperability demo; archives are also limited to TC members. Subscribe or view archives.*
xacml-demo-mktg: a mailing list restricted to XACML TC members interested in marketing aspects of an interoperability demo; archives are also limited to TC members. Subscribe or view archives.*
*To minimize spam, you must subscribe to these lists before posting.
Additional Information
Available XACML Implementations
It is known that various developers have implemented XACML code and
XACML support tools; some of these implementations are publicly
available for download. The following are listed here solely for the
information of parties interested in XACML. By including these links,
neither the XACML TC, nor OASIS itself, is endorsing or recommending
these implementations in any way. This list may be modified at any time
as further information about these or other implementations becomes
known.
|
|