Article:
  WS-Security in the Enterprise, Part 1: Problem Introduction
Subject:   Why not use the standards?
Date:   2005-02-12 10:22:54
From:   OConnor
XACML and SAML 2.0 provide this functionality that you are proposing be developed. Furthermore, this should be done in infrastructure. The best thing about SOA and associated standards (including security standards) is that this can be provided to applications from the infrastructure. Why develop this over and over again?


http://www.sys-con.com/story/?storyid=47279&DE=1

Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • Why not use the standards?
    2005-02-14 05:37:51  dpiliptchouk [View]

    To begin with - those are specifications, they don't provide any functionality by themselves. We could argue over whether or not they will achieve what I'd like, but the critical point is that, at the moment, there exists a wide gap between a set of already published specifications (and even more - on progress), and practical implementations applicable in the field. <p/>
    Realistically, I'm not hoping to fill this gap with only this work, and there's already a number of efforts in progress in many places to do just that. I have 2 goals with this series: to develop a lightweight general framework, addressing a subset of a more general problem for at least some people out there; and, along the way, to demistify them by looking into the involved standards from the implementation point(s) of view.