NOTE: JBossXACML v2.0.3.CR1
Official Blog Entry is here:
JBoss Blog Notice
It gives me pleasure to inform the community about the release of JBoss XACML v2.0.1-BETA. The license is LGPL.
You can download it from
http://labs.jboss.com/jbosssecurity/download/index.html
The Javadoc link is here:
Javadoc
The User Guide is here:
JBoss XACML User Guide
Why is XACML Important?
- Unlike authentication, access control/authorization is a complex area where Role Based Access Control (RBAC) is inadequate in many enterprise situations. XACML is a specification that tries to mitigate this with complex policies that can be woven around a combination of subjects (users, user agents, etc.), resources (on which the access control is desired) and environment (IP address, date, time, etc.). You should be able to say declaratively (via XML or by constructing policies) things like "Allow this portion of the web site to 18 year olds when the time is between 9am and 5pm" or "You should update your own payroll information and can do it when you are employed and on Fridays only".
- Enterprises have been doing this via ACLs and other proprietary mechanisms. Now they can use a standard way.
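As an added illustration (not taken from JBossXACML or from this post), the first rule quoted above could be written as an XACML 2.0 policy along these lines. The `PolicyId`, the `RuleId`s, the resource URI and the `urn:example:subject:age` attribute are hypothetical; the function and standard attribute identifiers are those defined by the OASIS XACML specification.

```xml
<!-- Added example: "adults only, between 9am and 5pm" as an XACML 2.0 policy.
     PolicyId, RuleIds, the resource URI and the age AttributeId are hypothetical. -->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:adults-office-hours"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <!-- Resource: the policy applies only to requests for this resource URI -->
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://www.example.com/restricted/</AttributeValue>
          <ResourceAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <Rule RuleId="urn:example:rule:permit-adults-in-hours" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
        <!-- Subject: age >= 18. MustBePresent: a request without an age
             evaluates to Indeterminate, never Permit -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
            <SubjectAttributeDesignator AttributeId="urn:example:subject:age"
                DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">18</AttributeValue>
        </Apply>
        <!-- Environment: current time within 09:00 to 17:00 -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
            <EnvironmentAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
                DataType="http://www.w3.org/2001/XMLSchema#time"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
  <!-- Any other request for this resource is denied -->
  <Rule RuleId="urn:example:rule:default-deny" Effect="Deny"/>
</Policy>
```

The enforcement point calling the policy engine should grant access only on an explicit Permit and treat Deny, NotApplicable and Indeterminate alike as a refusal.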
Dependencies:
JDK 5 and later (Need JAXBv2)
Sun JAXB v2.0 and later ( I used v2.1.4).
You can use the one from here:
Sun JAXB
Sun XACML v2.0
Use the one from here:
SunXACML V2.0
JBoss v5.0 JavaEE Jar (javax.xml.stream support. You can get this from JDK6 or any EE distribution).
JBoss JavaEE
Acknowledgements
Hal Lockhart, Bill Parducci, Anne Anderson (of the Oasis XACML TC for the specification), Rich Levinson, Dennis Pilipchuck (Oasis XACML Interoperability) and Seth Proctor (SunXACML Implementation)
We use the SunXACML implementation for the business logic, policy evaluation etc. It is an implementation detail. The users of JBossXACML will have to concern themselves with its interfaces and object model.
UPDATE:
Please also refer to JBossXACML v2.0.1.GA release.
Also,
http://anil-identity.blogspot.com/2008/04/jbossxacml-v202ga-ready.html
This blog is a personal book on Security/ IDM related thoughts/opinions. The blog posts are a personal opinion only and neither reflect the views of current/past employers nor any OTHER person living/dead on this planet.
Sunday, July 22, 2007
Saturday, June 30, 2007
Oasis XACML Interoperability Event at Burton Catalyst Conference
I am back after a trip to San Francisco to lead JBoss/Red Hat at the Oasis XACML Interoperability Event at the Burton Catalyst Conference. It was a tremendously successful culmination of almost 2 months of effort by 8 vendors (BEA, IBM, JBoss/Red Hat, Oracle, CA, Jericho Systems, SymLabs and Securent) to interoperate. The whole exercise was a great way to detect bugs/issues in the various products. The collaboration between the vendors was done with courtesy and zero-finger-pointing. There was never a feeling between us that we are competitors in many domains.
During the interop demo, users from various companies were pleasantly surprised that something like XACML standard existed to help solve their access control nightmares.
I got to meet Tony Nadalin from IBM again. Same goes with Hal Lockhart of BEA Systems. I wanted to meet Prateek Mishra from Oracle and I did. I also got to chat with Rich Levinson from Oracle, Sempo from Symlabs and Shekhar Sarrukkai from Securent. At the end of the event, I was fortunate to meet Gerry Gebel, VP, Identity and Privacy Strategies, Burton Group who was the individual who had sent me an invitation in March to check for participation.
Here is the official press release from Oasis.
Oasis XACML Interoperability Press Release
There will also be a podcast beamed soon from Oasis which contains an interview of me (among others). :)
UPDATE: Link for the podcast is: OASIS XACML Interop Event
If you need additional information, you can always contact me at ( anil DOT saldhana AT redhat DOT com).
I can vouch that this event raised a lot of eyebrows in the industry because my blog post on XACML interop was perused consistently ever since it was published and it was a top hit on any Google search, given that it was the only blog posting any details about the event. This basically demonstrates the interest in the community about XACML.
On my part, I will be releasing a beta version of JBoss XACML v2.0 (first beta and then the GA version) in the next 30 days. You will be able to use the LGPL-licensed library in any Java application. If you need a fancy GUI tool to go with it, I would invite you to contribute one. :) Why am I planning on a v2.0 straight away? The answer lies in the version of Oasis XACML Spec that it will support.
When Oasis XACML v3.0 comes out, then we can release JBoss XACML 3.0. ;)
Monday, June 25, 2007
Report on the W3C Workshop on E-Government and the Web
I was fortunate to make a presentation at the W3C Workshop on E-Government and the Web (June 18-19, 2007) to an audience that included Sir Tim Berners-Lee, technical representatives from the Library of Congress, other US governmental agencies, and some UK policy makers (and technical representatives).
http://www.w3.org/2007/06/eGov-dc/agenda.html
You can get hold of my paper as well as the slides there.
Three key points I stressed were:
a) Make E-Government Services secure for the Average Joe to use. It should be a collective effort from technologies, policies, processes and the people.
b) Let all the E-Government services be reachable from a single point of contact (portals) that may be a favorite of various cross-sections of people. If I live in Chicago, the IL State Portal can be the window of entry to all E-Government services.
c) Use of Federated Identity standards that are being developed including OpenID (in the blogosphere), SAML and WS-Federation. This will enable identity to be transmitted across the various e-gov services.
José Manuel Alonso, W3C eGovernment Lead, was telling me that at the previous eGovernment Workshop that was held in Spain, many of the government representatives had shared a concern that many of the European nations had issued National ID cards and brought out a lot of eServices that were used sparingly. Hence he liked my paper, which stressed the need for a single point of entry via a portal. This will actually build some trust context.
The report for the Spain Workshop is available at:
http://www.w3.org/2007/eGov/symposium-spain-report
Here is somebody talking about my presentation:
w3c-egov-anil-saldhana-on-secure-e-government-portals-building-a-web-of-trust-and-convenience-for-global-citizens
Initially, prior to the Workshop, it was my desire to shake Sir Tim's hand. But I got to sit beside him for 2-3 hours during the workshop (I hope some of the brilliance got transmitted to me - I can feel it). At the end of the first day of the workshop, I did discuss with Tim (he insisted on not calling him SIR Tim) whether the current world of phishing, online scams etc. was not something he had envisioned when he invented the WWW. I also asked him if security issues keep him awake at night. He said security is necessary (PGP, SSL etc.) but he does not have sleepless nights. :)