Kantara Initiative Workshop 2010 07 27
July 27, 2010 12:30-2:30pm, Room Aqua 302, Hilton Bayfront Hotel
Where: Burton Catalyst San Diego
Title: Authz Standards
Agenda:
Welcome, Intro & Overview, Paul Madsen
Preso 1
XACML 3.0 Update
It’s been more than 5 years since eXtensible Access Control Markup Language (XACML) version 2 was standardized at OASIS. In the meantime XACML has grown in popularity as a standard and the number of production XACML implementations continues to grow steadily. XACML 3.0, currently in the final stages of ratification, contains significant enhancements that will enable it to keep pace with growing enterprise demands. In this session, Gerry Gebel will describe the enhancements to version 3.0, including the SAML 2.0, Delegation and Multiple Decision Request profiles. Gerry will also provide use case samples of how new features of XACML 3.0 can be implemented.
Gerry Gebel, Axiomatics – 20 mins
Preso 2/use case
OAuth
As today's businesses increasingly shift their processes into the cloud, a simplified set of design patterns and standards is required to harmonize the speed and compelling economics of the cloud with companies’ existing identity management systems and processes. Topics will include the evolution of OAuth2 and its applicability to enterprise use cases for cloud authorization and API federation.
Chuck Mortimer, Product Management Director, Identity & Security, Salesforce.com – 20 mins
Break
Preso 3/use case
IASWG overview and review of authorization use cases
Describe IASWG purpose and goals, review authorization use cases received by IASWG thus far, review Concordia AuthZ Survey results.
John Tolbert, Boeing & Gavin Illingworth, BMO – 20 mins
Preso 4/use case
OpenAz: Building and Deploying XACML PEPs for Attribute-Based Access Control
There is an increasing consensus that access control decisions should be externalized from applications or services to a policy engine implementing a PDP. To take full advantage of this model, one needs to embed PEPs in applications, middleware and services in a performant and flexible way. OpenAz (http://openliberty.org/wiki/index.php/Main_Page#OpenAz) is an open source project aimed at creating language bindings for the XACML PEP request-response protocol. A sample implementation of the Java AzApi, which implements the XACML PEP protocol, is available from the OpenAz website.
Prateek Mishra, Oracle – 20 mins
Preso 5/use case
Federation Authorization and the Cloud - Why A Pragmatic Approach is Important
Pam Dingle will discuss what organizations are doing today in the context of federation and authorization. The session will also examine the next pragmatic steps organizations should consider so that they can successfully implement a federated authorization model for cloud computing.
Pam Dingle, Ping ID – 20 mins
*Closing comments 10 mins*