XACML and SAML - a Match Made in… 2005
Over at NetworkWorld’s Security: Identity Management Alert, Dave Kearns weighs in on the ongoing federated provisioning debate with Federated provisioning could exist. While Dave is right to highlight the promise of the Liberty Alliance’s Identity Governance Framework (IGF), he is way off the mark regarding XACML and SAML. Dave writes:
Some have suggested that XACML (eXtensible Access Control Markup Language) might be the answer. But it […] suffers from the same problem as SPML (no interaction with SAML) […]
This is patently not true! Four years ago, <a href-“http:=”” www.oasis-open.org=”” “=”“>OASIS</a> defined the interaction between XACML and SAML in SAML 2.0 profile of XACML v2.0 [PDF], part of the XACML 2.0 specification set. Since then, SAML/XACML has been implemented in a range of products, including Sun OpenSSO Enterprise, with interoperability between seven vendors’ products demonstrated at the OASIS XACML Interop Demo (held at the RSA Conference, April 2008).
XACML and SAML, best buddies since February 2005 :-)
Comments
Wayne Horkan
Pat,
Re: "XACML and SAML - a Match Made in... 2005"
I laughed so much at this I nearly choked.
Great post.
Wayne
James
Will you be blogging shortly on how Sun will embrace the Oasis IGF and when it will release an implementation...
Pat Patterson
Sure - when we have something to say on the topic. BTW - IGF is not at OASIS - it's at Liberty Alliance.
Pat Patterson
James - will you be blogging on how you would use IGF?
OpenSSO Tab Sweep – Mar 13 2009 « Superpatterns
[…] on the heels of my recent entry pointing out the interaction between SAML and XACML, Steven Jarosz, another star Sun SE, has started to document some interesting ways of deploying the […]
Leave a Comment
Your email address will not be published. Required fields are marked *