WS-Security in the Enterprise, Part 1: Problem Introduction
Subject:   Why not use the standards?
Date:   2005-02-12 10:22:54
From:   OConnor
XACML and SAML 2.0 provide this functionality that you are proposing be developed. Furthermore, this should be done in infrastructure. The best thing about SOA and associated standards (including security standards) is that this can be provided to applications from the infrastructure. Why develop this over and over again?

  • Why not use the standards?
    2005-02-14 05:37:51  dpiliptchouk

    To begin with - those are specifications, they don't provide any functionality by themselves. We could argue over whether or not they will achieve what I'd like, but the critical point is that, at the moment, there exists a wide gap between a set of already published specifications (and even more - in progress), and practical implementations applicable in the field.

    Realistically, I'm not hoping to fill this gap with only this work, and there's already a number of efforts in progress in many places to do just that. I have 2 goals with this series: to develop a lightweight general framework, addressing a subset of a more general problem for at least some people out there; and, along the way, to demystify them by looking into the involved standards from the implementation point(s) of view.
    • You should acquaint yourself with what's out there
      2005-02-14 08:23:59  OConnor

      There are indeed many products that do this type of policy enforcement in the infrastructure, and they are growing if not exploding. The value proposition for doing this in infrastructure is overwhelming. Most app dev projects I have ever been on allocated zero time to developing security code, with app security being an afterthought. Now it can be an afterthought...
      • You should acquaint yourself with what's out there
        2005-02-14 08:49:52  dpiliptchouk

        Since I've been working on development of one of the pioneering products in this area, I'm quite familiar with the landscape, as well as with the present problems out there.
        Should this functionality be eventually moved into the infrastructure layer? Definitely. Are we technologically at this point yet? By no means.
        This unfortunate fact, combined with the desire to provide some education value, was the main motivation for starting this work.
        • OK, Now I'm with you...
          2005-02-14 15:14:39  OConnor

          You are proposing gap technology and working to educate folks... that makes sense.