OASIS has published a draft web service profile for XACML, called WS-XACML. This gets very interesting, since it has the potential to truly deliver 'User-Centric' identity (as opposed to InfoCard's ServiceProvider-centric identity).
The significant difference here is the availability of two sections in the XACML assertion: one defining the requirements, and the other the capabilities - for BOTH server and client. InfoCard (and its implementations like Windows CardSpace or Higgins) does not really negotiate requirements; instead, the service provider (i.e. Relying Party) dictates its requirements and the client will only present an InfoCard conforming to such requirements. With WS-XACML (which - by the way - also works out-of-the-box with rich client applications) there is an initial policy matching of the server's requirements with the client's capabilities AND vice versa. The superiority becomes obvious when thinking about how easy it is with an InfoCard system to present a card with too much information.
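The contrast described above, as an added example that is not part of the original post and is not taken from the WS-XACML draft. It assumes a deliberately simplified model in which each requirement or capability is a plain label in a set (real assertions carry XACML policy constraints), and every claim and obligation name is hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    """One party's assertion, reduced to two sets of labels (simplification)."""
    requirements: frozenset  # what this party demands of the other side
    capabilities: frozenset  # what this party is able and willing to provide

def one_sided(rp_requirements, card):
    """RP dictates: any card covering the requirements is presented whole."""
    if not rp_requirements <= card:
        return None
    return card

def two_sided(server, client):
    """Match requirements against capabilities in BOTH directions."""
    unmet_by_client = server.requirements - client.capabilities
    unmet_by_server = client.requirements - server.capabilities
    ok = not unmet_by_client and not unmet_by_server
    return {
        "match": ok,
        "unmet_by_client": unmet_by_client,
        "unmet_by_server": unmet_by_server,
        # Only what the server asked for is released, and only on a full match.
        "disclosed": server.requirements if ok else frozenset(),
    }

# Constructed sample data; all claim and obligation names are hypothetical.
SERVER = Assertion(frozenset({"age-over-18", "email"}),
                   frozenset({"no-third-party-sharing", "delete-on-request"}))
CLIENT = Assertion(frozenset({"no-third-party-sharing"}),
                   frozenset({"age-over-18", "email", "postal-address"}))
CARD = frozenset({"age-over-18", "email", "postal-address", "date-of-birth"})
NO_PRIVACY_SERVER = Assertion(frozenset({"email"}), frozenset())

if __name__ == "__main__":
    released = one_sided(SERVER.requirements, CARD)
    print("one-sided excess:", sorted(released - SERVER.requirements))
    print("two-sided:", two_sided(SERVER, CLIENT))
    print("server without privacy capability:", two_sided(NO_PRIVACY_SERVER, CLIENT))
```

In the one-sided case the card satisfies the server but carries two claims nobody asked for; in the two-sided case a server that cannot meet the client's requirement gets nothing at all.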
tag: Privacy, Standards, Web Services, OASIS, XACML
Copyright by Gerald Beuchelt.
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
In addition, my opinions can change. This weblog provides a momentary snapshot of such opinions. Existing posts that were written in the past do not necessarily reflect my current thoughts and opinions.
For the purposes of attribution, the author is "Gerald Beuchelt" and attribution shall provide a (clickable, where possible) URL to this site.
© 2008, Gerald Beuchelt