XACML vs WS-Policy vs WS-Trust

Interesting post by Joseph Chiusano of Booz Allen Hamilton to the sunxacml-discuss mailing list discussing US Federal Government classification of standards and specifications. Key quote (my links):

XACML would be considered to be a “Voluntary Consensus Standard (VCS)” (aka an “open standard”) according to OMB Circular A-119[1], the authoritative federal mandate on this topic. WS-Policy and WS-Trust, however, would not be considered VCSs.

It is important to understand the difference between a standard and a specification – imho, standards are created in organizations (such as OASIS, W3C and Liberty) whose membership is open to all. Non-standard Specifications on the other hand, are created by consortia of vendors outside standards bodies such as the above. That’s not to denigrate their usefulness in any way, but the difference in process can be significant – open standards level the playing field; in contrast, you can never be sure whether a multi-lateral specification favours the members’ products. In fact, it would be somewhat irrational if it did not.

3 Replies to “XACML vs WS-Policy vs WS-Trust”

  1. I think the JCP is as close to an open standards group as you can get while still having a single vendor underwrite the effort. Membership is open to all who apply. And look at the member list – there are major Sun competitors there – IBM, CA, BEA, Novell – in fact, pretty much everyone except MS, and they would be welcome to join.

  2. Of course, JCP is also the name of the startup I worked at in the late 90s, acquired by Sun in January 2000. Here’s a snapshot of the JCP site (courtesy of the Wayback Machine) from Feb 1998, soon after I joined.

    I cut my Java teeth implementing ASN.1 decoding and X.509 certs for the Java SSL implementation. Those were the days…

Leave a Reply

Your email address will not be published.