Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

27Feb/094

XACML and SAML – a Match Made in… 2005

Over at NetworkWorld's Security: Identity Management Alert, Dave Kearns weighs in on the ongoing federated provisioning debate with Federated provisioning could exist. While Dave is right to highlight the promise of the Liberty Alliance's Identity Governance Framework (IGF), he is way off the mark regarding XACML and SAML. Dave writes:

Some have suggested that XACML (eXtensible Access Control Markup Language) might be the answer. But it [...] suffers from the same problem as SPML (no interaction with SAML) [...]

This is patently not true! Four years ago, OASIS defined the interaction between XACML and SAML in SAML 2.0 profile of XACML v2.0 [PDF], part of the XACML 2.0 specification set. Since then, SAML/XACML has been implemented in a range of products, including Sun OpenSSO Enterprise, with interoperability between seven vendors' products demonstrated at the OASIS XACML Interop Demo (held at the RSA Conference, April 2008).

XACML and SAML, best buddies since February 2005

Comments (4) Trackbacks (1)
  1. Pat,

    Re: "XACML and SAML – a Match Made in… 2005"

    I laughed so much at this I nearly choked.

    Great post.

    Wayne

  2. Will you be blogging shortly on how Sun will embrace the Oasis IGF and when it will release an implementation…

  3. Sure – when we have something to say on the topic. BTW – IGF is not at OASIS – it’s at Liberty Alliance.

  4. James – will you be blogging on how you would use IGF?


Leave a comment