XACML
eXtensible Access Control Markup Language
XML World 2001
17-19 September
San Francisco, CA
Simon Y. Blackwell
Chairperson, XACML Technical Committee, OASIS
CTO, Psoom, Inc.
XACML
• An XML specification for the expression of access control policies that can:
  – Be applied to anything referenced from XML
  – Refer to the content of the target of control
  – Be based on request context variables
XACML Participants
• Authentify
• CrossLogix
• Entitlenet
• Entrust
• HP
• IBM
• Jamcracker
• Netegrity
• Oblix
• Psoom
• Reuters
• Tivoli
• University of Milan
• Verisign
Cross Committee Representation
• SAML
• ebXML
Why XACML?
• Promote Interoperability
• Ensure Uniformity
• Ease Development
• Control XML Fragments
Promote Interoperability
• Multiple vendor security solutions in one enterprise
• Shared policy in business partnerships
Ensure Uniformity
• Distributed, heterogeneous security systems with inconsistent policy
  – Multiple database vendors
  – Custom applications
  – Firewalls
  – Operating systems
Ease Development
• Separate policy from applications
• Standard means for policy to refer to the content of its target and the context of a request
Control XML Fragments
• XML documents are frequently used to store information with different security needs
  – Health records
  – Contracts
Features
• Layered architecture, e.g.
  – Users -> Groups -> Roles
  – Targets -> Target Security Levels
  – Standard Rights -> User Defined Rights
• XPATH
• Provisional Actions
Demonstrations
• IBM XACL
• University of Milan XAS
• Others …
Schedule
• December 2001 Candidate Specification
• March 2002 v1.0 (grammar focus)
• TBD (processing and protocols)
Interim Work To Explore
• Standards Contributors
  – IBM XACL
    • http://alphaworks.ibm.com/tech/xmlsecuritysuite
  – University of Milan XAS
    • http://sansone.crema.unimi.it/~samarati/Papers/www9.pdf
  – CrossLogix (proprietary)
    • http://www.crosslogix.com
• Other work
  – http://www.xrml.org (digital rights management)
  – http://www.odrl.net
• Extensive Reference Information
  – http://www.oasis-open.org/committees/xacml/docs/docs.shtml
For More Information
http://www.xacml.org
Visit, Participate, Contribute