Archive for the ‘Standards’ category

Instigating Again – XACML 3.0 Interop

August 4, 2010

One of the points I made during my vendor lightning round session at Burton Catalyst last week was that the industry should be looking ahead to an XACML 3.0 interop in 2011, perhaps at the next Catalyst conference. Catalyst was the site of the first ever XACML interop demonstration back in 2007 and would be a great venue again next year. It is expected that more vendors will adopt version 3.0 once OASIS completes formal standardization (currently a committee draft and will shortly be voted on as committee standard).

There are some basic usage scenarios that can be tested, such as implementing policies authored in one vendors PAP in another vendor’s PDP. Another scenario that is frequently mentioned is integrating a PDP with other vendor’s PEPs. What scenarios are most important to you?

Another item to consider is whether the industry needs certified conformance testing of XACML products. This capability has been very valuable to the federation market, but there is a lot of ambiguity today for externalized authorization manager products. If vendor products were certified as conformant by independent party, would that be valuable to you?

Finally, interoperability and standards conformance are more important than ever for the externalized authorization manager market. Demand is increasing from enterprises, SaaS vendors, cloud service providers, and others. These prospective implementers of XACML-based solutions must be confident of the functionality supported in commercial products and they should have a clear understanding of interoperability capabilities. That is why we are calling on other XACML vendors to join us in planning for the next interop event and also to seriously consider sponsoring a certification process.

image credit:


Concordia hosts Authorization Standards Workshop

July 9, 2010

The Concordia Discussion Group is planning another workshop at Burton Catalyst North America, continuing a trend of providing timely and informative events. I have had the pleasure of participating in the past and will provide an update on what is new in XACML 3.0 this time around. XACML 3.0 is nearing ever closer to formal standardization – and contains several useful enhancements that are important for leading edge as well as legacy application environments.

Information on the workshop can be found here. Admission is free – you just need to register with Dervla O’Reilly to attend. Hope to see you there!

Stand Up For Standards

May 6, 2010

Andre Durand’s keynote yesterday at the EIC conference contained many quotable quotes, but the one that stood out for me was, “Enterprises must stand up for standards.” Andre said this while describing the role pure play vendors have in the greater IT community – keeping the large vendors honest regarding their commitment to standards.

IdM standards offer the promises of interoperability, independence from vendor lock-in, and future-resilient systems. Does your vendor have the same perspective?

Enterprises can let vendors off the hook if they don’t inquire, specifically, as to how a product implements a particular standard. Do you ask, in advance, detailed questions about how completely a standard is supported? Does your vendor avoid directly answering these questions, or are they forthcoming?

During product evaluations, there are times when purchasers can compromise on any number of issues. Let’s face it; there are no perfect products available. And, no vendor has anticipated every use case. Deadlines are looming, we have to make a decision.

Ultimately, enterprises hold the power and influence in their budgets. Are vendors serious about their commitment to identity management standards? The answer can be found in your purchase order.