I would like to offer the following questions for consideration
for addition to the AuthZ survey:

1) What access control models are supported by your authorization system?
   a) Role Based Access Control (RBAC)
   b) Attribute Based Access Control (ABAC)
   c) Other?

2) What are the types of factors/attributes/claims that are supported by your authorization system?
   a) Identity and Authority based
   b) Resource based
   c) Environmental based
   d) Other

3) Does your authorization system provide any mechanisms for the lifecycle management of AuthZ policies?
   a) Yes
   b) No

4) Does your authorization system provide any mechanisms for the sharing/distribution of AuthZ policies?
   a) Yes
   b) No

Regards,
- Anil

From: dg-concordia-bounces@kantarainitiative.org [mailto:dg-concordia-bounces@kantarainitiative.org] On Behalf Of John, Anil
Sent: Tuesday, October 06, 2009 4:30 PM
To: Shivaram Mysore; Tolbert, John W
Cc: kantara Initiative
Subject: Re: [Dg-concordia] AuthZ survey changes
> "Ability to mix and match PDPs and PEPs from different vendors __" - may be too heavy a statement.

Would respectfully disagree. This is a clear and continuing
issue, even after the XACML TC sponsored interop that happened at Burton Catalyst
a couple of years ago.
I wrote the above two blog entries more than a year ago.
AFAIK, this situation has not changed to any great degree (I am very willing,
and hope that I will be, corrected on this!)
If both my PEP vendor(s) (XML Security GW Vendors as well as
Software based PEPs) as well as my PDP Vendors (Entitlement/Policy Decisioning
engines) trumpet their support for XACML and their ability to exist in a
standards based environment, why should I continue to pay for integration
between a PEP and a PDP, especially if I’ve made a decision to
externalize my AuthZ (The decision to do so and implement is, as noted, a
continuing policy and education problem)?
Regards,
- Anil

From: dg-concordia-bounces@kantarainitiative.org [mailto:dg-concordia-bounces@kantarainitiative.org] On Behalf Of Shivaram Mysore
Sent: Tuesday, October 06, 2009 2:03 PM
To: Tolbert, John W
Cc: kantara Initiative
Subject: Re: [Dg-concordia] AuthZ survey changes
PDP and PEP acronyms will need expansion. Real life examples in brackets would help. If the survey
is for a business person, he would not understand PDP/PEP.

"Ability to mix and match PDPs and PEPs from different vendors __" - may be too heavy a statement.

IMHO if PEP and PDP must exist (it does not matter from which vendor they are
as the IT has to pay the cost), then the real problem is application
integration and migration.
/Shivaram
On Tue, Oct 6, 2009 at 9:51 AM, Tolbert, John W <john.w.tolbert@boeing.com>
wrote:
I've "simplified" the choices somewhat, and added a few
items based on the feedback. Please review at your leisure. Thanks
--
Strong Authentication, SOA, Web Services, PKI, Software Architecture, Product
Strategy and Management Consultants:
http://www.truststix.com/