XACML Interop at RSA 2008 isn't a repeat of Burton

James McGovern recently linked to Anil Saldhana's summary of IDTrust 2008 with the following comment.

It feels as if the RSA Conference will be repeating the Oasis XACML interoperability challenge already conducted by The Burton Group. I wonder why Hal Lockhart and others couldn't come up with something that shows more thought leadership? How about demonstrating XACML interoperability with non-security products such as BPM and ECM?

I don't know where James got the impression that the RSA Interop will be a repeat of the Burton Interop. The scenario is much more in-depth. Instead of the XACML TC inventing a simple scenario, the US Department of Veteran's Affairs is the primary scenario driver. The scenario covers using XACML to protect confidential patient data, and the associated controls around emergency over-rides.

Anil's written a quick overview, and the IDTrust presentations by IBM's Tony Nadalin and Axiomatic's Andreas Sjöholm give a more in-depth overview.

I personally think the scenario is interesting, in-depth, and demonstrates the flexibility that XACML can provide in a complex domain.

Update: Anil has also responded to James' comment.

blog comments powered by Disqus