OASIS ratifies security standard

A major standards body recently announced the ratification of a standard that could benefit companies that need to control user access to Web services or secured information over the Internet. The Extensible Access Control Markup Language (XACML) is an XML specification that can be used to describe authorization policies in an open, interoperable way.

But it’s unclear how great an impact XACML will have in the community of vendors supporting Web services, since the newly anointed standard from the Organization for the Advancement of Structured Information Standards (OASIS) is only one small piece of the Web services security puzzle, said Jason Bloomberg, an analyst at ZapThink LLC in Waltham, Mass.

Bloomberg said he wouldn’t be surprised to see XACML merge with another Web services standard, such as Web Services Policy (WS-Policy).

Kevin Cronin, chief enterprise architect for financial services at Boston-based Niteo Partners Inc., said he’s a bit worried about overlapping standards at this early stage, since no one wants to do work that might later have to be discarded if another standard becomes the accepted one.

Cronin added that he thinks the issue XACML addresses is “very real” and needs to be dealt with in order to ensure more efficient and more secure policy management, enforcement and auditing.

Sun Microsystems Inc. announced this week the release of an XACML implementation under an open-source licence. The company claimed that it will help developers build secure Web services and applications because they will no longer have to concern themselves with the patchwork of proprietary access-control policy languages.

But it’s unclear when or whether other vendors will build to the standard. Paul Patrick, chief security architect at BEA Systems Inc. in San Jose, Calif., said that even though BEA served on the standard’s technical committee, it currently has no plans to support XACML in products. Patrick said authorization providers are more likely candidates.

A spokesperson for Microsoft Corp. said the company has no plans to support XACML either. He added that Microsoft considers WS-Policy and WS-Security to be the more complete framework for addressing needs in this area.
