Java开发网 Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» Java开发网 » 技术文章库  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
作者 [转贴]XACML Access Control Markup Language
yekai





发贴: 256
积分: 50
于 2003-07-03 01:26 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
The OASIS interoperability consortium today announced that its members have approved the Extensible Access Control Markup Language (XACML) as an OASIS Open Standard, a status that signifies the highest level of ratification. XACML allows developers to express and enforce policies for information access over the Internet.

"XACML is designed to enable the interoperability of a broad range of administration and authorization products by providing a universal language for authorization policy. Its flexibility and features for supporting large scale, federated environments will literally set the standard for the next generation of authorization products," explained Hal Lockhart of BEA Systems, co-chair of the OASIS XACML Technical Committee.

"Policies applied consistently across environments and across vendor products is the cornerstone of good security," added Carlisle Adams of Entrust, co-chair of the OASIS XACML Technical Committee. "Coupled with secure mechanisms for carrying requester attributes--such as SAML assertions, Java permissions, or WS-Security tokens--XACML is a key component in an authorization infrastructure that can span Web services, J2SE, and other e-business environments."

The OASIS XACML specification was developed by Entrust, IBM, OpenNetwork, Quadrasis, Sterling Commerce, Sun Microsystems, and other members of the OASIS Extensible Access Control Markup Language Technical Committee.

Before becoming an OASIS Open Standard, XACML first completed an extensive public review and was approved by the OASIS XACML Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which XACML was reviewed and approved by the OASIS membership as a whole.

"Ratification as an OASIS Open Standard means that developers can deploy XACML with confidence," said Karl Best, vice president of OASIS. "We congratulate and thank the members of the OASIS XACML Technical Committee for all their outstanding efforts in advancing XACML as the newest OASIS Open Standard."

XACML is the latest addition to the growing OASIS portfolio of security standards. It joins another recently approved OASIS Open Standard, the Security Assertion Markup Language (SAML), as well as emerging specifications advanced within OASIS such as WS-Security, Service Provisioning Markup Language (SPML), Digital Signature Services (DSS), and Public Key Infrastructure (PKI).

Industry Support for XACML

"The ratification of XACML as an OASIS Open Standard reaffirms OASIS' leadership in interoperable secuirty standards for XML," said Edward Cobb, VP of Architecture and Standards, BEA Systems. "XACML and SAML as completed standards, and in-process work such as WS-Security, are the foundation for securing eBusiness interactions. We congratulate the OASIS XACML Technical Committee on reaching this important milestone."

"DataPower applauds the OASIS XACML Technical Committee on their efforts to address a key part of the security area for distributed systems. Their common framework should greatly help accelerate the move away from proprietary systems and towards open networks. DataPower looks forward to suporting rich access control as defined by XACML in our XML-aware network devices," said Rich Salz, chief security architect at DataPower Technology Inc.

"As a leader in delivering enhanced Internet security solutions, Entrust is very proud to have played a role in the development of the XACML 1.0 specification, and we are pleased to see the overwhelming support it has received," said Brian O'Higgins, chief technology officer at Entrust, Inc. "XACML 1.0, in conjunction with the recently approved SAML standard, will provide critical functionality for a comprehensive authorization architecture. OASIS has taken yet another significant step forward in solving the Internet security puzzle."

"Sun believes that flexible and interoperable access control standards are critical for the future of network computing and for the development of secure Web services," said Mark Bauhaus, vice president of Java Web services at Sun. "That's why we have supported and continue to support the XACML standard. Sun announced today that we are releasing our XACML implementation under an Open Source license. This will help developers build secure Web services and enterprise applications, delivering cost savings and simplification to our customers."



flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923