Follow up on: XACML - Extensible Access Control Markup Language

To: members of MPEG-21 and W3C-DRM mailing lists
Cc: members of XACML mailing list (FYI)

[This is a deliberate cross-posting on multiple lists, for the purpose
of cross-fertilisation.  Apologies if you receive multiple copies.]

As previously promised to the members of the MPEG-21 and W3C-DRM
mailing lists, this is an update on the activities of the OASIS/XACML
(eXtensible Access Control Markup Language) Technical Committee
following its first meeting (teleconf) on Monday 21 May 2001.

The group charter (available at http://www.xacml.org/) includes
the definition of "a core schema and corresponding namespace for the
expression of authorization policies in XML against objects that are
themselves identified in XML."  (Note that the latter clause does not
restrict policies to XML objects, just those objects to which a
reference can be written in XML syntax.)  The charter further states
that "Issues to be addressed include, but are not limited to: fine
grained control, the nature of the requestor, the protocol over which
the request is made, content introspection, the types of activities
authorized."

There is a clear synergy between the aims of XACML and other work
taking place in MPEG and other standards groups.  To date the TC has
identified a small number of potential contributing standards but the
Web site makes no mention of MPEG-21, IETF, Open eBook Forum, or
W3C(DRM) activities.  At the kickoff meeting, the TC agreed to create
a sub-committee with responsibility for liaison with other standards
efforts.  The sub-committee will help to scope the XACML work and
determine whether it should contribute into any other standards
activities, and if it could benefit from adopting the work of the
other activities where appropriate.  This is very positive.

There is presently representation the XACML TC from the IETF.  Thomas
Hardjono <mailto:thardjono@yahoo.com> of Nortel Networks is Chair of
Internet Digital Rights Management Research Group of the IETF (see
http://www.idrm.org/).  Also, I (david.parrott@reuters.com) and a number
of others are bridging several standards groups in the DRM space.  It is
clearly useful to coordinate activities as far as possible.

The XACML TC has an aggressive schedule (from the XACML home-page):

'The plan is to produce a "substantially complete" draft specification
 by 21 Dec 2001, with a final version ready to undergo the OASIS member
 approval process by 22 March 2002. The final version will be
 accompanied by reference implementations. Below are interim
 deliverable dates:

 statement of scope 29 June 2001
 glossary 29 June 2001
 bibliography 29 June 2001
 use cases 24 Aug 2001
 detailed requirements 21 Sep 2001
 draft standard 01 Dec 2001
 model examples for "native" and non-native XML targets of control 21 Dec 2001
 reference implementations 22 March 2002'

Of particular interest is the result of the initial scoping exercise
to be undertaken via the XACML mailing list and due for completion at
the end of next month.  I envisage that the Standards Interoperability
and Liaison sub-committee will have significant input during the
scoping phase.

The Chair of the XACML TC is Simon Blackwell
<mailto:sblackwell@psoom.com> who should be contacted regarding
participation.  NB: OASIS restricts participation in TCs to the OASIS
membership.  The archives of the XACML mailing list are publically
available at: http://lists.oasis-open.org/archives/xacml/


Background on OASIS (from http://www.oasis-open.org/):

OASIS, the Organization for the Advancement of Structured Information
Standards, is a non-profit, international consortium that creates
interoperable industry specifications based on public standards such
as XML and SGML. OASIS members include organizations and individuals
who provide, use and specialize in implementing the technologies that
make these standards work in practice.


Best Regards,
/Dave.

_ ______________________________________________________________
Dr David J. Parrott, Chartered Engineer. Chief Technology Office
     Reuters Limited, 85 Fleet Street, London EC4P 4AJ, UK.
   Direct Line: +44 (0)20 7542 9830, Fax: +44 (0)20 7542 8314
       Email: David.Parrott@reuters.com, dparrott@acm.org



-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.

Received on Wednesday, 23 May 2001 08:43:28 UTC