Widespread adoption seen for XACML specs
Within a year, developers can expect to see widespread
adoption of the Extensible Access Control Markup Language (XACML), the newly
ratified OASIS information access standard for Internet applications, XML
XACML gives developers information access controls for
Web services applications, said Brad Brown, chairman and chief architect of TUSC
(http://www.tusc.com), an Oracle
consulting company based in Lombard, Ill. He likened the new standard to access
controls that have been deployed for decades on mainframe systems.
''Access control is something that's been around for a
while dating back to the early DEC days with file systems,'' Brown said. Until
the advent of XACML, there was no easy way to set privileges for things such as
read and update for Web services and other applications operating via the Internet,
''This technology provides that for this world,'' Brown
said. ''It gives you additional security privileges that historically you
haven't had. You could certainly build it into your Web application, but people
would have to go
out and manually build that stuff.''
Ron Schmelzer, senior analyst at ZapThink LLC (http://www.zapthink.com), a
Waltham, Mass.-based firm specializing in XML technologies, agreed with Brown
that XACML would appear in major vendors' Web servers within six months. The
analyst estimated that it would have widespread implementation in Web services
applications by the end of this year or early 2004.
Noting that it was complementary to Security Assertion
Markup Language (SAML) from OASIS, Schmelzer said XACML would make it easier
for end users to work with Web services applications. Operating similar to single sign-on, once a user's access privileges are set, they can then work uniformly with all of the services across the Internet that are incorporated into a Web services application, he said.
Brown said once XACML becomes a standard feature of Web
server products, implementing access controls in Web services applications
''I think it will be very easy to implement,'' he
explained. ''That's the good thing about standards that have been developed to
date. People have been pretty specific about making this Web development world
easier and easier. I think that's a pretty important part of the development
life cycle, freeing the time and energy people spend re-inventing the
Rich Seeley is Web Editor for Campus Technology.