Re: [ebxml-dev] XACML vs. SAML?

[Chiusano Joseph <chiusano_joseph@bah.com>]

Andrzej,

Not off-topic at all (see information about registry below).  XACML
works in conjunction with SAML.  For example:

- XACML receives a SAML request to determine if access should be granted
to a resource based on rule sets, or policies, that are defined by the
provider
- Once the policy is evaluated and returns a true or false value to
indicate whether or not access is granted, an SAML authorization
decision assertion is returned, which is then processed accordingly. 

A SAML request contains information such as authentication username and
password, or other details about the individual making the request. This
information is then delivered to an application designed to process it
with the intended goal of using XACML to allow or deny access to an XML
resource. 

The OASIS/ebXML Registry TC has just added XACML support to the Registry
V3 specification (which is in the final stages of completion by the TC).

Kind Regards,
Joe Chiusano
Booz | Allen | Hamilton
Member, OASIS/ebXML Registry TC

Andrzej Jan Taramina wrote:
> 
> I know this is a bit off topic for ebxml-dev, but since traffic here is low,
> and security issues always raise their heads when doing ebxml.
> 
> OASIS just ratifiec the XACML spec. What I'm curious about is how XACML and
> SAML compare?  Is there a lot of overlap?  Are they competing or co-operative
> specs?
> 
> Thanks for any insight the group can offer.
> 
> Andrzej Jan Taramina
> Chaeron Corporation: Enterprise System Solutions
> http://www.chaeron.com
> 
> ----------------------------------------------------------------
> The ebxml-dev list is sponsored by OASIS.
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.ebxml.org/ob/adm.pl>

Attachment: Chiusano_Joseph.vcf
Description: Card for Joseph Chiusano