Having read at least part of the XACML standard and sat through some presentations on it, I could call myself an expert, but I am not.
Basically it is an extension to SAML, with extensions for how to exchange
security tokens for permissions for authorization.
For SAML: http://www.oasis-open.org/committees/security/
For XACML: http://www.oasis-open.org/committees/xacml/
In addition, there are additional mechanisms for security management.
This standard will become more important as things like web services
are implemented.
I am on the W3C Web Services Architecture group for my company, and security is being addressed.
Gerald Edgar
Brian May wrote:
On Fri, Feb 21, 2003 at 09:14:52AM -0600, Joshua Brindle wrote:
> http://www.eweek.com/article2/0,3959,893831,00.asp
> XACML (extensible access control markup language) ratified
>
> will selinux be taking advantage of this? i know someone was working on
> some xml stuff a while back but every time i go look at where it is it
> hasn't changed.. anyone else planning on implementing an XML policy
> translator or something? Thanks..

So far I only have had a quick look at XACML (and may be totally
mistaken, I am still downloading the specs), but it would appear to
serve a different purpose to SE-Linux.

XACML, while a central policy, like SE-Linux, appears to be focused
around what actions individual users can/can't do. e.g. Can a user log in
at time X:XXam?

SE-Linux on the other hand is focused on what processes can access
what resources. e.g. Can Mozilla access the user's PGP private key?
Can inetd bind on port 80?

These aren't necessarily mutually exclusive goals, just different
goals.
--
Brian May <bam@snoopy.apana.org.au>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.