Wiki space for work on 2010 Advance CAMP Action Item:
Assess Various Policy Engines using MACE-Paccman Benchmark Use Cases
On XACML
XACML stands for eXtensible Access Control Markup Language. It is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies.
Selection of benchmark use cases from MACE-Paccman to be run. Note that there are links to solution outlines via Grouper, PerMIT and Kuali RICE
Course Deadline Extended
Old and New Payroll Clerks
Dorm Access for Residential Advisers
Professional Organizations and Federations
Drug Restocking Approval
Delegated Directory Administration
English language expression of policies implicit in each use case
Multiple representations may be needed
Expression of English language policies in XACML
Develop set of test cases, evaluate each test case with each policy engine
Report on policy language and policy engine evaluations including lessons learned, suggested next steps
Group Members
Leif Johannson, Tom Dopirak, Keith Hazelton...
Mailing List: <polengine@internet2.edu>
To subscribe, send mail to <pubsympa@internet2.edu> with the SUBJECT:
sub polengine FirstName LastName
Assistance desired
"anyone able to offer a test instance of a policy engine?
anyone who has installed one of selected policy engines willing to help this WG install them?
Does anyone at a campus that has a production implementation of an identifiable Policy Decision Point (PDP) component? If so, are you willing to be contacted with questions about your experiences?
Status
"polEngine" list created
Deliverables 1 and 2 completed
Adoption of Policy Engine work as a MACE-PACCman WG work item
Milestones
√ English language expression of policies implied by two or three use cases
...Ontology capturing business process, PDP, PEP
...XACML expressions for above policies
√ Spocp expressions for above policies and for PEP query to PDP
√ Test instance of at least one policy engine installed and configured
...Test suite for above XACML policies
√ Results of at least one run of test suite on the test policy engine
...Installation, configuration and testing of XACML-based PAP, PDP, PEP (Axiomatics)