OASIS ratifies security standard

A major standards body recently announced the ratification of a standard that could benefit companies that need to control user access to Web services or secured information over the Internet. The Extensible Access Control Markup Language (XACML) is an XML specification that can be used to describe authorization policies in an open, interoperable way.

But it’s unclear how great an impact XACML will have in the community of vendors supporting Web services, since the newly anointed standard from the Organization for the Advancement of Structured Information Standards (OASIS) is only one small piece of the Web services security puzzle, said Jason Bloomberg, an analyst at ZapThink LLC in Waltham, Mass.

Bloomberg said he wouldn’t be surprised to see XACML merge with another Web services standard, such as Web Services Policy (WS-Policy).

Kevin Cronin, chief enterprise architect for financial services at Boston-based Niteo Partners Inc., said he’s a bit worried about overlapping standards at this early stage, since no one wants to do work that might later have to be discarded if another standard becomes the accepted one.

Cronin added that he thinks the issue XACML addresses is “very real” and needs to be dealt with in order to ensure more efficient and more secure policy management, enforcement and auditing.

Sun Microsystems Inc. announced this week the release of an XACML implementation under an open-source licence. The company claimed that it will help developers build secure Web services and applications because they will no longer have to concern themselves with the patchwork of proprietary access-control policy languages.

But it’s unclear when or whether other vendors will build to the standard. Paul Patrick, chief security architect at BEA Systems Inc. in San Jose, Calif., said that even though BEA served on the standard’s technical committee, it currently has no plans to support XACML in products. Patrick said authorization providers are more likely candidates.

A spokesperson for Microsoft Corp. said the company has no plans to support XACML either. He added that Microsoft considers WS-Policy and WS-Security to be the more complete framework for addressing needs in this area.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now