Monday, March 20, 2006
Why enterprises should be paying attention to XACML
For a good overview on XACML, please click here. Of course, I have my own questions on XACML that are outstanding. Hopefully vendors who offer solutions in the XACML space and the analysts that cover them will trackback this blog entry and start meaningful discussions to provide answers to some of them below:
- How should one store XACML based policies in LDAP?
- How come no book publisher has considered a book on XACML? (Tim Oreilly, please step up)
- For the folks that created JSR-168, shouldn't they be thinking about accepting XACML via a standard portal API? (Liferay Enterprise Portal will be the first Enterprise Portal that supports XACML
- How should XACML interact with WSRP?
- I really would love for Gartner to create a quadrant and Forrester a Wave on XACML compliant products. What would it take for them to get one out the door, say by the end of April?
- It seems as if only the folks at Burton Group are talking about XACML publicly. How come they are the only industry analysts that realize its potential?
- Jericho Systems and Securent seem to be the early leaders. Who are their emerging competitors?
- Identity Engines seems to be talking about another important space not well discussed: enterprise guest management. Could this become a part of Compliance Oriented Architectures 2.0?
- Other vendors that compete with Identity Engines such as Nomadix, ValuePoint Networks, Pronto Networks, Roving Planet, Device Escape, Enterasys and Trapeze Networks all seem to be thinking about the same space but can't tell why they aren't also embracing XACML.
- Kim Cameron talks periodically about spam and identity. I wonder if he would start talking about XACML in context of whether a user can send emails, etc.
- The notion of fine-grained entitlements actually seems more important to an enterprise than the focusing on provisioning which many analysts are currently focused on. Likewise, many of them are covering auditing-oriented products such as IPLocks and Lumigent. Should they really be separate products or should they be a component of a larger entitlements strategy based on XACML?