RE: XACML - Extensible Access Control Markup Language

Tom: you are saying that the reinvented wheel is XACML versus XRML, right?
(I agree).  It does seem that XACML is intended at the same "Rights
Expression Language" (REL) level as described in e.g. the MPEG-21 "Call for
Requirements for a Rights Data Dictionary and Rights Expression Language".

XRML was presented at MPEG 21 as a contribution for REL (as was indecs for
the RDD part); the resulting output from the Rights Requirements group of
MPEG 21 embraces both; it's not yet finalised and is the subject of a
further ad hoc meeting in June.  XRML and indecs will both be there and I
think also the proposed ODRL (W3C) which is also at the same level as
XRML.  So the views are either (a) we need another effort like we need a
hole in the head or (b) many different efforts will lead to best of breed
(yeah, right ;-))

Norman Paskin 


-----Original Message-----
From: Tom McMahon [mailto:tlm@microsoft.com]
Sent: 26 April 2001 01:51
To: David Parrott; Paskin, Norman (DOI-ELS)
Cc: www-drm@w3.org; Kilroy Hughes
Subject: RE: XACML - Extensible Access Control Markup Language


See attached.  These guys have already done an unbelievably good job at
laying down the framework.  Why would anyone want to re-invent this
wheel?



-----Original Message-----
From: David Parrott [mailto:David.Parrott@reuters.com]
Sent: Wednesday, April 25, 2001 5:41 AM
To: Paskin, Norman (DOI-ELS)
Cc: www-drm@w3.org
Subject: RE: XACML - Extensible Access Control Markup Language




Norman,

Absolutely agree.  I would further say that data dictionaries (/vocabularies)
can themselves be layered.  No one data dictionary could hope to encapsulate
all the rights and obligations requirements of all players both existing and
to be defined in the future.  Therefore, the glue language should accommodate
alternative and combined sources of vocabularies and, indeed, dynamically
varying sources.  I would argue that there is intellectual property in
certain vocabularies and others in which information resides that cannot be
shared with the general community for legal reasons.  I look forward to open
languages that take account of flexible data dictionary and vocabulary
management.

Given that I am at least trying to stay on top of several standards
activities right now, I am more than happy to try to bridge wherever I can.
I would expect that I'm not the only one.  One thing is for sure: there'll
be a lot of healthy debate on these topics over the coming months and,
hopefully, a good degree of cross fertilisation.

Best regards,
/Dave.

_ ______________________________________________________________
Dr David J. Parrott (Chartered Engineer) Chief Technology Office
     Reuters Limited, 85 Fleet Street, London EC4P 4AJ, UK.
   Direct Line: +44 (0)20 7542 9830, Fax: +44 (0)20 7542 8314
       Email: David.Parrott@reuters.com, dparrott@acm.org





From: "Paskin, Norman (DOI-ELS)" <n.paskin@doi.org>
Date: 25/04/2001 10:14
To: David Parrott/LON/GB/Reuters@Reuters
cc: "'www-drm@w3.org'" <www-drm@w3.org>
Subject: RE: XACML - Extensible Access Control Markup Language
Header: Internal Use Only






Dave: I absolutely agree with your stated fears.  Too many cooks spoil the
broth and there is a whole cuisine school out there at present, with varying
degrees of knowledge and ability.

As I think you'll agree DRM isn't one thing.  It can certainly be broken
down into some layers.  One such breakdown is into an underlying semantics
(a data dictionary of terms); and a use of those terms in an application by
means of an expression (a language).  That separation has been called
"Rights Data Dictionary" and "Rights Expression Language" respectively in
e.g. the recent MPEG-21 work, and was obvious in the W3C DRM (indecs as
exemplar of semantics, ODRL and XRML as expression).

indecs focussed on the semantic analysis and was successful; see practical
commercial implementations in ONIX, DOI, etc.  It's planned to build
further semantic analysis in the rights area as a Data Dictionary, under the
indecs2 umbrella (IDF has a role in funding the feasibility study to build
support to do this - see IDF FUNDS STUDY OF MULTIMEDIA INTELLECTUAL PROPERTY
RIGHTS April 17, 2001
http://www.doi.org/news/010418-multimediaIP.html).
The detailed document (now in preparation) which describes that study
explores this separation further. I see from the XACML press release:
"XACML will define the representation for rules that specify the who, what,
when and how of information access," explained Simon Y. Blackwell of Psoom,
chair of the OASIS XACML Technical Committee. "Access control, which is
often called 'rights management' or 'entitlement management,' determines who
can look at something, what they can do with it, the type of device they can
look at it on, etc."

So (as I said in another posting) it seems to me that the effort is not
going to be doing the necessary *semantic* work of the Rights Data
Dictionary, as discussed at MPEG Singapore in the Rights Requirements
sessions, and the W3C DRM.  It seems more to be standard XML expressions of
this ("the representation for rules" rather than "the rules")?  If it is
indeed planning to do the semantic work, then for the reasons you note it
needs to talk to indecs2.  Clearly it has relevance anyway and I have
suggested a contact between OASIS and the indecs2 activity, and which is
planned to be the basis for the indecs2 development of the Rights Data
Dictionary (for feed in to MPEG-21).  Can you be the bridging contact here?


I'd be interested in seeing how we can indeed whilst still getting both the
semantic and the expression work done.

Norman


-----Original Message-----
From: David Parrott [mailto:David.Parrott@reuters.com]
Sent: 25 April 2001 09:28
To: www-drm@w3.org
Subject: Re: XACML - Extensible Access Control Markup Language




You will note from the Press Release from OASIS that Reuters is one of
the initial members of the OASIS XACML Technical Committee.  I will be
taking part in the kick-off teleconference on 12 May and would hope
that any work undertaken by OASIS will be aligned as closely as
possible to the many other efforts currently in the process of
starting up.  I am fearful that too many competing standards will have
the following effects:

1/ to dilute the effort applied in any one place
2/ to spread too thin the efforts of those who are trying to keep
     up with (i.e., by active participation) multiple standards
3/ to reduce the likelihood of truly interoperable systems
4/ to impact credibility

Looking at the PKI space, one sees many standards in place (PKIX,
OCSP, PKCS, S/MIME, etc) but each of those is operating in a slightly
different problem domain.  My concern about the rights management
standards is that there is significant overlap.  I would be looking,
ideally, for niches to be identified in which the different standards
excel and which are complementary.  Clearly, lines of responsibility
need to be drawn.

Regards,
/Dave.

_ ______________________________________________________________
Dr David J. Parrott (Chartered Engineer) Chief Technology Office
     Reuters Limited, 85 Fleet Street, London EC4P 4AJ, UK.
   Direct Line: +44 (0)20 7542 9830, Fax: +44 (0)20 7542 8314
       Email: David.Parrott@reuters.com, dparrott@acm.org





From: Rigo Wenning <rigo@w3.org>
Date: 24/04/01 23:36
To: DRM-Public-List <www-drm@w3.org>
cc: (bcc: David Parrott/LON/GB/Reuters)
Subject: XACML - Extensible Access Control Markup Language
Header: Internal Use Only






----- Forwarded message from Larry Gussin <ldgussin@home.com> -----

Date: Tue, 24 Apr 2001 13:14:56 -0400 (EDT)
Message-ID: <00b101c0ccd8$8e395c60$16c60b41@pwtkt1.ri.home.com>
From: "Larry Gussin" <ldgussin@home.com>
To: <www-drm@w3.org>
Subject: [Moderator Action] XACML - Extensible Access Control Markup Language

Hi,

I worked at Intertrust for some years, and so am familiar with DRM concepts.
I note XACML, which was begun at IBM and announced today by OASIS as a
technical committee, as another form of XML-based rights language, growing
out of enterprise access control practices:
http://xml.coverpages.org/XACML-PR20010424.html. The XACML web page:
http://xml.coverpages.org/xacl.html.

From the press release:
"XACML will define the representation for rules that specify the who, what,
when and how of information access," explained Simon Y. Blackwell of Psoom,
chair of the OASIS XACML Technical Committee. "Access control, which is
often called 'rights management' or 'entitlement management,' determines who
can look at something, what they can do with it, the type of device they can
look at it on, etc."

I'd appreciate hearing how this effort might fit in.

Larry Gussin




----- End forwarded message -----




-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.




Received on Thursday, 26 April 2001 04:55:48 UTC