Sun Releases Open Source XACML Language
LowneWulf writes "An InternetNews.com article mentions that the OASIS standards group today ratified the Extensible Access Control Markup Language 1.0 specification. But even better, Sun Microsystems Labs has backed this up with an open-source version in Java on Sourceforge."
wow (Score:4, Funny)
Re:wow (Score:1)
--
Stefan
DevCounter [berlios.de] - An open, free & independent developer pool
created to help developers find other developers, help, testers and new project members.
How? (Score:5, Insightful)
"Open source" reference implementation (Score:5, Insightful)
How can a language be open source?
I consider a language to be "open source" if it has a reference implementation available to the public as OSI Certified(TM) open source software [opensource.org].
Re:"Open source" reference implementation (Score:2, Interesting)
A language can definitely be 'Open', but the term 'Open Source' has absolutely no meaning when attached to a language.
'Open Source English'.
That makes absolutely no sense. My point is not related to how useful or good this language is, I'm just annoyed at this example of Sun's generally confusing and strange marketing.
English, a dialect of SQL (Score:1)
'Open Source English'. That makes absolutely no sense.
The PICK operating system had a database query language called English [wikipedia.org], a dialect of SQL. I'd consider the English programming language (not the English natural language in which this comment is written) an "open-source language" if one of the major free databases (MySQL, PostgreSQL, SAP DB, etc) introduced PICK interoperability through support for English queries.
If you're worried about my use of "open-source language" to refer to "computer language with a widely used open-source implementation", don't worry too much. Such "overloading" is common in computer jargon.
Re:"Open source" reference implementation (Score:2)
Sun is quite good at this sort of bullshit wordplay (though far from being the only ones). They really like to throw around the word "standard", conflating quite different meanings of the word to suggest that what they offer is not proprietary. For example, J2EE is "standards based", but only in the sense that a sole company (Sun) can define the standard.
They refer to the use of some XML syntax as using a standard, but as the W3C is not a true standards body (as, say, ISO is), XML is only a standard by general consensus.
Sometimes they refer to something that's actually defined by a standards body. But that's rare.
Re:"Open source" reference implementation (Score:1)
From the home page: "Java Community Process is the way the Java platform evolves. Its an open organization of international Java developers and licensees whose charter is to develop and revise Java technology specifications, reference implementations, and technology compatibility kits. Both Java technology and the JCP were originally created by Sun Microsystems, however, the JCP has evolved from the informal process that Sun used beginning in 1995, to a formalized process overseen by representatives from many organizations across the Java community."
Re:"Open source" reference implementation (Score:2)
True. But who has final, legal say? If there is a disagreement between the JCP and Sun Inc, who wins?
Basically, Sun gets to pick people's brains, and see what major vendors are willing to support. But Sun gets the final say. Notice how all the copyright and trademark notices for Java(tm) refer to Sun, not the JCP or some other independent organization.
Re:How? (Score:3, Interesting)
A language doesn't need source; it's a syntax
Uh. And grammar.
Compilers need source, not languages. 'Open Source Language' sounds like more hype to me
Well open source language simply means a language where the compiler is OSS. It doesn't make less sense than saying "Perl is open source".
Re:How? (Score:1)
> Uh. And grammar.
Wrong. Grammar simply describes language's syntax.
Re:How? (Score:1)
>> Uh. And grammar.
>Wrong. Grammar simply describes language's syntax.
I thought that the grammar described the language's semantics. It's been a while since I took either Algorithms or Programming Languages, but that's what I recall.
Re:How? (Score:2)
Err eh ? (Score:2)
How is this getting modded up in a place where Java is constantly criticised for being closed source. If a company creates a document it owns the copyright on that document, if it trademarks a name it owns that name. If you create a language that has the same syntax with the same meaning then you are breaking those "rights".
UNLESS you can create a Clean Room implementation ala the original IBM Bios clones. And who would want to do that for a language.
Copyright and specifications (Score:1)
If you create a language that has the same syntax with the same meaning then you are breaking those "rights".
If I don't call it Java(TM) brand then I'm not infringing Sun's Java mark. Stating that something "interoperates with programs that use Java(TM) technology" is fair use of Sun's technology.
Likewise, if I write my own spec without using any of Sun's expression, I break no copyright. There is currently no U.S. copyright on facts (17 USC 102(b) [cornell.edu]; Feist v. Rural [cornell.edu]).
UNLESS you can create a Clean Room implementation ala the original IBM Bios clones.
The dirty/clean process used to write the clone of IBM PC BIOS involved one "dirty" team that turned the BIOS code and its observed behavior into a specification and another "clean" team that turned the specification into a computer program. It was designed to defeat any accusation of access to the original work, without which there is no copying and thus no infringement. Anybody who has never seen Sun code and works only from the published specification is already "clean".
Re:How? (Score:1)
Re:How? (Score:2)
This is an open source implementation of the OASIS XACML standard, written in the Java (TM) programming language.
It doesn't say that the standard is open source. It doesn't say that Java is open source. It says the implementation in Java is open source.
Of course, it doesn't prevent anyone from creating closed-source implementations of the same standard. But XACML standard specs by themselves are openly available [oasis-open.org] from OASIS.
JAY! Another language! (Score:2, Funny)
Jee-aah! Another language! That's great, because we can never have too many of these. I was just thinking to myself, "Gee, I wish I had another markup language to learn".
(obl: karma to burn)
Re:JAY! Another language! (Score:2)
Do you have a learning disability?
No. (Score:1)
No.
Re:JAY! Another language! (Score:2)
Presumably a heterogenous environment wouldn't be an entirely Java environment?
If so, I think I am obliged to learn both.
DRM? (Score:1, Offtopic)
What application does this language have in digital restrictions management of copyrighted works?
None (Score:3, Insightful)
Not everything is about DRM. Move along.
Re:None (Score:2)
I'd hardly say useless (Score:5, Insightful)
there are those who disagree, but those whose jobs require complexity, it is a step towards easier integration. Microsoft should just go with the architecture Oasis has laid out for ebXML and dump their piece of junk which originally had no concept of choreography.
Re:I'd hardly say useless (Score:1)
Hey I remember you people... I gave you a project and you gave me all these reasons why it will work...
It didn't work. But you gave me twice as many reasons why the next try it will work. So you tried again.
Eventually it was obvious that the world was just not ready for every architecture to seamlessly integrate with others.
I'm not touching it!
I'm going back to post it notes, you guys call me when you figure it all out.
Re:I'd hardly say useless (Score:1)
Re:I'd hardly say useless (Score:2)
Yes, and so are the other 3,142 languages that came out last month and the 2,675 languages from the month before that. Don't get me started on the 15,476
Got really excited (Score:1)
I got excited for a second, incorrectly reading this as.. Sun Microsystems Labs has backed this up with an open-source version of Java
Re:Got really excited (Score:1, Informative)
Just more pseudo-Open stuff from Sun like... (Score:1)
Such prosaic names and acronyms... (Score:3, Funny)
They should have called its language PEP Talk.
Re:Such prosaic names and acronyms... (Score:1)
XACML is (Score:3, Funny)
made specially for hackers!
Interesting twist, the sourceforge bit (Score:3, Insightful)
Now on to more serious commentary. This story is interesting in that Sun might actually be "getting it". Sure they've been saying "we get it" for some time but that crappy Sun license...that's just what we needed, YACL (Yet Another Community License).
This project is actually on Sourceforge, and with a BSD-looking license no less!! I like what I'm seeing, Sun.
-joe
Re:Interesting twist, the sourceforge bit (Score:1)
Another Sun initiative on SF.
RTFP people (Score:5, Informative)
* One standard access control policy language can replace dozens of application-specific languages
* Administrators save time and money because they don't need to rewrite their policies in many different languages
* Developers save time and money because they don't have to invent new policy languages and write code to support them; they can reuse existing code
* Good tools for writing and managing XACML policies will be developed, since they can be used with many applications
* XACML is flexible enough to accommodate most access control policy needs and extensible so that new requirements can be supported
* One XACML policy can cover many resources; this helps avoid inconsistent policies on different resources
* XACML allows one policy to refer to another; this is important for large organizations, for instance, a site-specific policy may refer to a company-wide policy and a country-specific policy.
Before someone else rants about copy protection, find out what it is before you start typing. I'm guilty of it in the past, but this is a useful language with real benefits.
I read it but didn't understand it (Score:1)
One standard access control policy language can replace dozens of application-specific languages
But what is an "access control policy language"? Is it the language used to write ACLs on files and folders, or is it a language used to write copyright management information as defined in 17 USC 1202 [cornell.edu]?
Re:I read it but didn't understand it (Score:1)
Re:RTFP people (Score:2)
Secondly what do people feel about having a system like this in the public domain? I am not an advocate of security through obscurity but with this system the bad guys will have a very good understanding of how the whole system works. Should an implementation be exposed then multiple systems become vulnerable.
On language-independent languages (Score:3, Interesting)
That XML is a lingua franca is frequently asserted but can't be proved. The reason is that XML has no (or more strictly, very limited) semantics.
To say that your application can "understand" XML because it can use the DOM API doesn't mean that it can interpret XACML, or any other XML "ontology". You might just as well argue that you can understand Danish because you can parse the "å" character.
All you are saying when you assert that XML applications can be written in any language is that the semantics of XACML (or whatever) can be mapped to various programming languages.
This feature is shared by any machine-readable language, many of which are arguably better at representing XACML semantics than XML.
Re:On language-independent languages (Score:2)
To say that your application can "understand" XML because it can use the DOM API doesn't mean that it can interpret XACML, or any other XML "ontology". You might just as well argue that you can understand Danish because you can parse the "å" character.
XML is a data storage format, well-suited to data that has hierarchy and structure. The DOM API could well be said to "understand" XML in the sense that it knows what it needs to know in order to directly translate an XML document into a data structure.
Of course it doesn't necessarily know what to do from there -- because that's domain specific knowledge. But no general API treats that, and that's why the analogy presented seems a little bit off to me.... talking about "understanding" in any case when it comes to modern computing technology isn't right.
Re:On language-independent languages (Score:2)
Only if you consider such general things as variables and operators to be domain-specific.
"General APIs" are probably not a useful concept here. It's possible to view DOM (but not SAX) as an AST, but this just serves to show how limited the grammar of XML is in relation to a conventional language.
Re:RTFP people (Score:2)
One XACML policy can cover many resources...
One language to rule them all...
Come on guys (Score:2)
Unfortunately not everyone "gets it" (Score:5, Insightful)
Funny how in many posts this has degenerated into either "we don't need no more stinkin languages" or "Sun/Java sucks, yadda, yadda".
Re:Unfortunately not everyone "gets it" (Score:5, Insightful)
oh cool (Score:1, Flamebait)
[/tongue-firmly-in-cheek]
I don't get this (Score:2, Insightful)
It's somewhat strange that given the recent 'commitment' from SUN to clean up the J2EE APIs they want to foist this on us, as I assume the enterprise is where it will see most usage. Is this some sort of bastard child from the slightly less than successful Liberty project?
Interesting bit on OSL's (Score:2)
Almost sounds like they are either a) trolling for licensing wars or b) trying to allay managerial fears about loss of code control. While I would agree with them that for their purposes (and the purposes of any project/standard which needs to be integrated into the core of both commercial and non-commercial code) that the BSD license makes more sense I don't think they have to implicitly slam other licenses like the GPL through use of MS like terms.
Re:Interesting bit on OSL's (Score:2)
This will get just a blip here but when "Micro$oft" says the GPL is viral then all hell breaks loose.
Weird, isn't it.
Re:Interesting bit on OSL's (Score:1, Flamebait)
Dear AC:
If you grow some balls and log in, I'll enlighten you. Otherwise, please kindly FOAD.
Re:Interesting bit on OSL's (Score:1, Troll)
Re:Interesting bit on OSL's (Score:2)
Re:Interesting bit on OSL's (Score:2)
Hope your case of moronitis gets better.
Re:Interesting bit on OSL's (Score:2)
XML stone soup (Score:5, Interesting)
It is a fundamental mistake to try to shoehorn semantics which will generally include logic - such as an access control decision - into a language which has no support for them. While XACML "is not intended to form the basis of an authorization decision by itself" it must of necessity include the means to combine and modify rules - hence requiring logical operators which of course have no standard representation in XML.
The specific result is that each attempt to use XML for anything other than the simplest semantics (SOAP, Schema, XSLT, JSP...) must invent its own representations of operators, variables, modules and so forth.
The general result is one unholy mess. We, the poor bloody coding infantry, have to face learning a dozen or more ways of representing the same fundamental concept in a multitude of languages, each supposedly specialized for a narrowly-defined task, but in reality incorporating almost-but-not-quite-all the features of a general purpose language. XML's ugly syntax becomes the least of our problems - that can always be hidden by visual tools or 'generators', but no tool is likely to be able to reunite fundamental concepts fragmented into so many different representations.
Standards such as these do not represent progress, they represent a growing mass of redundancy that one day will have to be refactored into more coherent form. Anyone who studied LISP, or some other language capable of representing the popular data and programming paradigms (logic, procedural, declarative...) will be aware that common ways of representing such semantics have been known for decades. The fact that the practice of XML continues to ignore such basic prior art is an extraordinary indictment of the state of our industry today.
I welcome any explanation from the individuals or organizations concerned as to what obliged them to make yet another idiosyncratic elaboration of the generally incoherent and unusable body of XML specifications.
Re:XML stone soup (Score:2)
XACML, as well as a few other XML "languages" is useful in that the policy is portable and everyone can benefit from better tools to work with the language. XML provides a middle ground for these languages. Sure, it doesn't have operators or behave like a programming language...but every programming or scripting language has several means of reading XML.
Re:XML stone soup (Score:3)
Not sure I follow you - what kind of construct would not be language-specific?
XML provides a middle ground for these languages.
"middle ground", "vocabulary" and "ontology" are certainly the kind of phrases you see in conjunction with XML. Unfortunately they mean very little.
every programming or scripting language has several means of reading XML.
No doubt. And probably a means of reading CSV files too. If you are implying by this that the ability to read XML structures is a significant contribution to the generation or interpretation of such languages as XACML then I think we'd have to disagree.
XML here is a simple "wrapper" or syntax abstraction for the concrete syntax underlying XACML (or whatever). By itself, it does nothing to constrain or interpret the latter.
To take a simple example (from a guy called Philip Wadler, who has this on a T shirt)
1. Start with a mathematical function, say 2x
2. Now represent it in a convenient programming language, say Scheme: (lambda (x) (* 2 x))
3. But in XML, the syntax has to be explicitly flagged in frequently gruesome detail:
<abstraction>
  <var>x</var>
  <expression>
    <application>
      <const>*</const>
      <arguments>
        <const>2</const>
        <var>x</var>
      </arguments>
    </application>
  </expression>
</abstraction>
For any non-trivial language, XML is just baggage, it doesn't add anything useful.
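An added illustration of the point argued in this comment (not code from the thread): an XML parser only delivers the tree for the 2x encoding, and the meaning of each element has to be supplied by a hand-written interpreter. `eval_node`, `compile_abstraction` and the operator table are hypothetical names; operators are resolved through a fixed allow-list rather than evaluated as code.

```python
import operator
import xml.etree.ElementTree as ET

# The XML encoding of 2x from the comment above, with its tags closed.
DOUBLE_XML = """<abstraction>
  <var>x</var>
  <expression>
    <application>
      <const>*</const>
      <arguments>
        <const>2</const>
        <var>x</var>
      </arguments>
    </application>
  </expression>
</abstraction>"""

# Allow-list of operators (an assumption of this example). Names taken from
# the document are only ever looked up here, never handed to eval().
OPERATORS = {"*": operator.mul, "+": operator.add, "-": operator.sub}


def eval_node(node, env):
    """Give meaning to one element; the XML parser knows none of this."""
    text = (node.text or "").strip()
    if node.tag == "const":
        if text in OPERATORS:
            return OPERATORS[text]
        return int(text)  # ValueError for anything that is not an integer
    if node.tag == "var":
        if text not in env:
            raise ValueError(f"unbound variable {text!r}")
        return env[text]
    if node.tag == "expression":
        children = list(node)
        if len(children) != 1:
            raise ValueError("<expression> must wrap exactly one element")
        return eval_node(children[0], env)
    if node.tag == "application":
        arguments = node.find("arguments")
        if len(node) != 2 or arguments is None:
            raise ValueError("<application> needs a function and <arguments>")
        function = eval_node(node[0], env)
        if not callable(function):
            raise ValueError("first child of <application> is not a function")
        return function(*[eval_node(arg, env) for arg in arguments])
    # Well-formed XML that is not part of this vocabulary is rejected here,
    # not by the parser.
    raise ValueError(f"unknown element <{node.tag}>")


def compile_abstraction(xml_text):
    """Turn an <abstraction> document into a one-argument Python function."""
    root = ET.fromstring(xml_text)
    param = root.find("var")
    body = root.find("expression")
    if root.tag != "abstraction" or param is None or body is None:
        raise ValueError("expected <abstraction> with <var> and <expression>")
    name = (param.text or "").strip()
    return lambda value: eval_node(body, {name: value})


if __name__ == "__main__":
    double = compile_abstraction(DOUBLE_XML)
    print(double(21))
```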
Re:XML stone soup (Score:1)
I meant not specific to the programming language(s) with which the construct is being consumed.
"middle ground", "vocabulary" and "ontology" are certainly the kind of phrases you see in conjunction with XML. Unfortunately they mean very little.
They actually mean quite a bit to some of us. If you've ever found yourself in the middle of a situation in which integration between a few complex systems is involved, all from different vendors, you would find reasons to overlook XML's warts. XML (or should I say: the software that has sprung up to support it) does offer you a more accessible programming model, which leads to more productivity, quicker project cycles, etc. When performance and verbosity are big issues, such as is the case when using smart cards and limited resource devices, XML can be transformed easily to other formats, such as ASN.1. Look at OASIS XCBF.
Yes, XCBF could have just done it all in CSV, but instead they chose something that has good schema definition languages, good processing tools, excellent coverage by the technical press, and dare I say -- unprecedented market acceptance.
2. Now represent it in a convenient programming language, say Scheme: (lambda (x) (* 2 x))
I think that's a slightly different use case than XACML is addressing. XACML is about asserting policies. No one is trying to do mathematical calculations in it. I generally agree with you here, I've opted away from XML in cases where I had to describe methods more so than properties. There is one exception, however. ANT. I find it more convenient that the
Re:XML stone soup (Score:2)
Well, you are simply shifting the problem from the programming language to the other, "language-independent" language. In reality, there's no reason to privilege one language over another arbitrarily, and certainly not to mandate the use of multiple, highly redundant languages.
"middle ground", "vocabulary" and "ontology" [...] actually mean quite a bit to some of us. If you've ever found yourself in the middle of a situation in which integration between a few complex systems is involved, all from different vendors, you would find reasons to overlook XML's warts.
Passing over the obvious question regarding the decisions never to address XML's admitted warts but always to effectively compound them, you refer again to the XML programming model and its supposed advantages.
Once again, I have to point out that the relevant language, the one actually expressing the information we are interested in, is not defined by (constrained by) the XML specification but by higher-level specifications such as XACML. Any appeal to productivity, efficiency etc. must therefore show how XML tools help manage XACML semantics specifically, in comparison to standard language processing tools such as YACC.
Any transformation from XACML using standard XML tools cannot, by definition, improve on a representation of the underlying concrete syntax of XACML, since they know nothing about it.
Similarly, any appeal to authority regarding the acceptance of XML is no more relevant than the acceptance of ASCII. Naturally this doesn't stop every new language ("vocabulary") being described as "standard XML", but such descriptions are wholly misleading.
(lambda (x) (* 2 x))
I think that's a slightly different use case than XACML is addressing. XACML is about asserting policies. No one is trying to do mathematical calculations in it.
You appear not to have read the specification. Section A 14 describes the logical, arithmetic and other functions of XACML in some detail. It looks as though someone has invested considerable effort in deciding how 2x should be expressed in this "Access Control Markup Language".
Re:XML stone soup (Score:1)
Why don't you write a paper on how much better specialized grammars and scripting is than XML, then present it to the industry?
Make sure you format the paper in tex or groff or something else that doesn't use spurious ''.
I've been down the yacc route, and JavaCC, in the past and I am happy to use XML from now on wherever I can. You are free to stay with the old school way if you like. The critical mass is with XML, and it will get better.
Re:XML stone soup (Score:1)
s/spurious/spurious < & >/
Re:XML stone soup (Score:2)
I may be being exceptionally thick, but I just don't get your example, you seem to be saying that just because turning Scheme code into (an arbitrary) XML layout makes it take more space, XML is useless. I'd argue that's completely irrelevant. XML is for representing data.
I should use a counter example I guess. How about you have a trading system which passes details of trades to some backend accounts system. It uses good old csv, so you get a file like this:
RHT, 300, 4.51, JBLOGG, JDOE, 19-2-03
IBM, 10000, 1.06, JDOE, JBLOGG, 19-2-03
Transform that to XML: (apologies for random spaces and semicolons slashcode seems to want to add)
Now, I'm not saying the latter is smaller. If data size matters, don't use XML. It doesn't matter to me (usually). But it's more human readable (which is sometimes nice). It's more flexible (when the sending system adds an extra field it just does so, the receiving system just ignores it - try that with csv!). It's more easily describable (want to tell people what format you use? just mail them the schema and voila - they can read your data). I don't believe XML is a massive leap forward, but it simplifies a lot of things and removes a lot of potential confusion. Standards are a good thing.
I can't see any reason (other than size, and you can always zip your files) not to use XML in the vast majority of applications which transfer/store textual (non-binary) data. You get free tools, you get free parsing/writing libraries.
Re:XML stone soup (Score:2)
Re:XML stone soup (Score:2)
I really fail to see what the problem is here. The last thing you want is to express authentication configuration in programmatic code! I mean, you can't write a
Re:XML stone soup (Score:2)
It isn't. Take a look at the appendix, you'll find 30-40 pages on data types, expressions, operators etc. - deja vu all over again.
Re:XML stone soup (Score:2)
f(x) = 2x
Now, you converted to Scheme/LISP and then to XML. That's bad. A more fluid translation to XML could be:
<function name="f">
  <arguments>
    <symbol name="x"/>
  </arguments>
  <body>
    <operator name="*">
      <constant value="2"/>
      <symbol name="x"/>
    </operator>
  </body>
</function>
Compared to C:
int f(int x)
{
return 2 * x;
}
Scheme/LISP:
(defun f (x) (* 2 x))
C++:
struct
{
typedef int results;
typedef int argument_type;
int operator()(int x)
{
return 2 * x;
}
} f;
The XML isn't really that bad.
Re:XML stone soup (Score:2)
The fact that XACML invents most of a full programming language, as does XSLT, JSP ad nauseam results in massive duplication and hence confusion, lost productivity, efficiency and flexibility.
You are welcome to express your logic in XML syntax, just don't invent a different syntax, grammar and feature set for each "application".
Re:XML stone soup (Score:2)
Re:XML stone soup (Score:2)
The MatchId attribute SHALL specify a function that compares two arguments, returning a result type of boolean.
instead of providing a formal definition such as a BNF can't disguise this.
Now if this spec was part of a coherent and properly factored set of XML standards the job of the implementor would be vastly easier, since implementations of things like expression evaluators would be common and could be shared - easier to learn, write and maintain.
Rather than pretending to people that it's "relatively easy" to implement specs. like XACML using standard XML tools, a more useful contribution would be showing how useable Scheme, Haskell or other language semantics can be mapped to XML (if required), so helping rationalize the situation.
Re:XML stone soup (Score:1)
Company A wants to exchange data(ie order forms) with Company B. (Amazon and CDNow for a lack of better example).
Now, if they used a proprietary format, it's all good, they make the specs together, then each implements it.
Then, Company C wants to be included in the exchange too. They send the specs of the file format and Company C implements it.
And so on. It could introduce many bugs since they don't have the same implementation details, if A and B want to add a field, but not C, C will still have to change its implementation, unless the format allows additional fields without breaking compatibility with previous versions of the file format.
However, if they used a standard format, whether or not it's XML-based, they would only have to take a reference implementation to parse the data, and thus will probably have much less differences, bugs and security issues.
XML is just a nice way to make a standard, it always parses the same way, and doesn't care when you add new fields, you must really change the whole language to break compatibility with previous versions.
XML is just that, a nice standard way of doing standard language for information exchange. You could do it in CVS for example, but it's hardly flexible like XML. You can create proprietary formats, but it will take more time, and each company is likely to have to build the implementations themselves. With XML-based language, it's very easy to do a reference implementation since XML always parses the same way and is very flexible.
Hope that helps.
Re:XML stone soup (Score:2)
Now repeat after me: XML is basically just a syntax. It was never intended to be computationally complete in the same way as marking up things with balanced parentheses is not computationally complete. Yet you can map your favorite programming language into an XML representation, and vice versa.
Anyone who studied LISP, or some other language capable of representing the popular data and programming paradigms (logic, procedural, declarative...) will be aware that common ways of representing such semantics have been known for decades. The fact that the practice of XML continues to ignore such basic prior art is an extraordinary indictment of the state of our industry today.
The fact that someone tries to come up with a standard that would be widely accepted shows our industry as a maturing one. Sorry, but Lisp doesn't cut it for the IT masses in general. It missed its chance back then. It's a generic language, with strong background in programming, and it doesn't have such an emphasis on validation of semantically-loaded subsets as XML applications had from the very beginning.
Re:XML stone soup (Score:2)
I agree with your first statement, which is not surprising as I stated it in my first message, but I don't think many will agree that any set of standards, no matter how redundant, inflexible and unmaintainable, represent progress in the industry.
Your views on LISP per se are not particularly relevant, the point is that there are generic programming concepts in multiple XML specs. that can and should have been factored out. XML is not, as you say yourself, an alternative to LISP, but XML with appropriate coherent extensions could well be.
Re:XML stone soup (Score:2)
Re:XML stone soup (Score:2)
I don't think there is a mainstream attempt to unify languages like Java, XML, XSLT etc. However, there is probably a consensus that the best starting point is Scheme, the LISP-like teaching language. This starts from the basic principle that programs-are-data, meaning that Scheme can happily substitute for both Java and XML. This has led people to provide mappings between XML, XSLT etc. and Scheme.
More interestingly, there are some usable Scheme implementations around now, so it's a good time to play with it if you have some time. Grab, say, DrScheme and/or SISC (Scheme on top of Java) and go through the famous Structure and Interpretation of Computer Programs book - I found it very enlightening and not too dry, despite some reviews to the contrary.
Pointers are on the Schemers [schemers.org] site.
Re:XML stone soup (Score:2)
Okay, an attempt to explain... (Score:4, Interesting)
Basically, in the world, there are many scenarios where it would be VERY useful to be able to enable access controls on various resources in a system. By "access controls", I mean rules which define who can perform actions on given resources. This sounds so general because it is very general. The purpose of XACML is to provide a language which allows you to specify these rules, or policies, in a nice format independent of the rest of the system (data storage, etc) for any number of domains, and provides software to implement the required components for such a system.
As a solid example, you could use XACML, a central PDP, and a PEP on a set of firewalls to control which IPs have access to what. You'd have to write a PEP for the firewalls, and set up a PDP to handle the requests, but once this is done, you could use XACML to write firewall rules!
Another example, suppose you have a user trying to access their email. You could have a PEP in the client which talks to a PDP to determine if the user is allowed to perform various actions on the mailbox (read, write, etc). In this case, you'd use XACML to determine who can perform what actions on the mailbox.
In both of these cases, XACML defines the language PEPs use to talk to PDPs, and also specifies a common XML language for defining the policies to determine who can do what.
In essence, XACML abstracts these concepts of policy enforcement, rule definitions, etc, and wraps them up in a nice XML language which can be used in any component which implements the XACML specifications for a PDP and PEP. Why would you want to do this? Well, first, it allows you to plug in an access control system, rather than having to roll your own. This is good. Second, anyone who implements the XACML standard can interwork. So, I can write a PEP for my email client, and use Joe's PDP to enforce policy in my system. Third, because all your systems now use a single language, you can centralize the policy database and use common tools to manage all of them. An administrator's dream!
Now, this is really important people, this has NOTHING TO DO WITH DRM! Or Palladium! Or any other conspiracy theory you want to come up with. This is simply a tool for software developers and system administrators to easily integrate a standard access control framework into their systems.
* Note, in the previous, PDP - Policy Decision Point, and PEP - Policy Enforcement Point.
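The PEP/PDP split described in the comment above, as an added sketch that is not part of the original post and not Sun's implementation. The rule format, the resource names and the `pep_allows` helper are assumptions made for illustration; this is a simplified Python model, not XACML's XML syntax, using deny-overrides combining and a PEP that refuses anything other than an explicit Permit.

```python
# Simplified model of the PDP/PEP split; not XACML XML syntax and not Sun's API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    effect: str          # PERMIT or DENY
    subject: str         # user name, CIDR block, or "*" for anyone
    resource: str
    actions: frozenset

    def matches(self, subject, resource, action):
        return (resource == self.resource and action in self.actions
                and _subject_matches(self.subject, subject))

def _subject_matches(pattern, subject):
    if pattern == "*" or pattern == subject:
        return True
    try:  # firewall-style rule: pattern is a network, subject a source IP
        return ip_address(subject) in ip_network(pattern)
    except ValueError:
        return False

class PDP:
    """Central decision point: one policy store shared by every PEP."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, subject, resource, action):
        effects = {r.effect for r in self.rules
                   if r.matches(subject, resource, action)}
        if DENY in effects:          # deny-overrides combining
            return DENY
        return PERMIT if PERMIT in effects else NOT_APPLICABLE

def pep_allows(pdp, subject, resource, action):
    """Enforcement point: anything other than an explicit Permit is refused."""
    return pdp.decide(subject, resource, action) == PERMIT

# Constructed sample policy covering both scenarios from the comment.
POLICY = [
    Rule(PERMIT, "alice", "mailbox:alice", frozenset({"read", "write"})),
    Rule(PERMIT, "*", "mailbox:alice", frozenset({"deliver"})),
    Rule(PERMIT, "10.0.0.0/8", "fw:tcp/22", frozenset({"connect"})),
    Rule(DENY, "10.9.0.0/16", "fw:tcp/22", frozenset({"connect"})),
]
```

The mail client and the firewall each need only their own PEP; both consult the same `PDP(POLICY)` instance, which is the centralization the comment describes.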
Re:Okay, an attempt to explain... (Score:2)
So why not use a general-purpose language rather than inventing your own?
Re:Okay, an attempt to explain... (Score:1)
Because there's no such thing.
I work in a place that's responsible for software with complex business rules surrounding access control (authentication and authorization), written in ASP, Java, Perl, C#, and VB. So then what would YOUR solution be for me? To write separate access control mechanisms for each one in their own languages? Or scrap all of the existing code and pick one language? Or have them all connect externally to a "general-purpose language" and end up dumping all of the dissimilar access control rules into one container and struggle with how to consistently store and implement them?
Sun's done much of that with their new "language" (although I disagree with that description). XML is perfect for storing this kind of information because you have to be able to not only self-describe the access control rules, but also have the flexibility to define them in complex and embedded ways.
Looks like an interesting technology to me, and certainly a complement (if not extension) to JAAS, which is arguably the most popular public application development security schema around. Unfortunately, it describes its access control rules in Java, not the language-independent XML format in Sun's new technology.
Re:What idiots (Score:5, Insightful)
Does it ever occur to Sun that Java is not the answer to all problems? That maybe, just maybe, an implementation in C would be more generally useful as a reference implementation?
I know more Java programmers than C programmers
All industry software projects I'm involved in are in
HINT: it's not C and it's not C++.
angel'o'sphere
Re:What idiots (Score:2)
HINT: it's not C and it's not C++.
Is it C#?
Re:What idiots (Score:5, Funny)
Intercal? BrainF*ck? Fundies? Well for god's sake man, do tell!!
Re:What idiots (Score:1, Interesting)
The reason they can use languages like OCaml for doing work like this is because the underlying system has already been implemented in C, and there's a regular interface for OCaml or other high level language to use. Most languages even go so far as to provide ways to use C libraries, which should show just how powerful C is.
Even so, C has some shortcomings, mostly related to many (some/a lot) of the functions in the standard library not being thread safe. A good example of this is strtok(), which isn't reentrant. The solution for fixing this was to add a function, strtok_r() that is reentrant. This works just fine, but overall isn't a good idea, because what happens next time when strtok_r won't cut it? Will strtok_r_x be added? It becomes a nightmare, because you still have to support strtok in your compiler to stay compatible with old code. C is by far the best language for programming a computer, but it's starting to pick up some baggage after 30 years of change in an industry where five years can make something obsolete (not obsolete in and of itself, just in comparison to the ``next new thing'').
The solution is a new language, written for the technology of today and backported to old computers. It would be as low level as C or lower, and have no functions that aren't reentrant. Perhaps a way of doing objects and better exception handling could be added: closer than Objective C is to C, but implemented on the next level with the new language.
As for other languages, they really don't cut it for down and dirty programming. Without a low level language, we could find ourselves in a position similar to those people in Star Trek:TNG that had all this nice technology that nobody knew how to use. C++ really doesn't have any uses. A quote in the recent funniest nerd joke thread perfectly describes C++. Also, I have a word for people who can program Java but not C: dumbass. C is about programming a computer, Java is about using a computer.
It's a testament to C's power that it's been around for 30 years, but in that time, the way computers work hasn't changed all that much. Now they're starting to change, and adapting C to them is going to be more difficult and require clunky kludges that will eventually end in C being used like Java, rather than C used to control a computer-machine. That's why now is a great time to write a language to replace C. There are people out there with Linux kernel programming experience that know what this language needs to be, and everybody has 30 more years of experience to use to write the language.
As a bonus, if it were finished soon enough, the Hurd people would have to start over and rewrite everything in the new language.
Re:What idiots (Score:3, Interesting)
Also, I have a word for people who can program Java but not C: dumbass. C is about programming a computer, Java is about using a computer.
If C is the only language you can write in, then every further word is wasted I guess.
Anyway:
The solution is a new language, written for the technology of today and backported to old computers. It would be as low level as C or lower, and have no functions that aren't reentrant. Perhaps a way of doing objects and better exception handling could be added: closer than Objective C is to C, but implemented on the next level with the new language.
Probably you might look at 'D', the language Walter Bright is working on? See www.digitalmars.com.
C might be an appropriate language for system programming, but that is more or less a shortcoming of our current computer architecture, not a feature of the language C.
Two simple 2 liners like:
int i = 4;
fwrite(&i, sizeof(i), 1, fp); /* fp is an open FILE * */
and
int i;
fread(&i, sizeof(i), 1, fp);
That's not even portable over different system architectures. And sometimes not even over two different compilers on the same architecture.
If everything looks like a register or like memory your appropriate tool is
But if your problem is not register or memory and not signal processing
Neither is Java, but we have nothing which is better
At least a Java program or a server component running on an App Server is portable.
And Java offers hundreds of APIs, STANDARDS even, to cope with all cross architecture interoperability problems.
If you would say, PERL, ok, then I only could say: puh, a nerd, writing in a cryptic 'write once, never maintain' language.
But PERL indeed offers nearly everything Java offers. Easy web integration, DB access, portability, speed, text and XML processing etc.
But C?
BTW: writing a Linux-like kernel is to be done far easier in Java than in C/C++.
Your post simply shows that you have no clue about Java and that you think you have a clue about C
angel'o'sphere
Re:What idiots (Score:2)
Some of your words are true, some not.
E.g. Bertrand Meyer, the inventor of Eiffel, did research on the efficiency of garbage collection by comparing C programs without GC to similarly written Eiffel programs with GC.
He found in his research that the GC of the Eiffel programs were faster (and bug free) than the C programs with hand crafted memory management.
His conclusion was that a good GC (adapted to the program structure), often based on a global optimization, done by the Eiffel linker, is very much faster than hand crafted code.
If I remember right, all C programs had memory allocation/deallocation errors anyway
Well, that research is ten years old
Your word about speed
Of course you are right, if you need to access certain hardware you likely will need C. However your assumption that everyone using Java never has learned how a computer works is wrong.
Everybody studying CS at a university in Germany learns how a computer works. I assume other universities in the world teach that as well.
I conclude you refer to "self taught" Java programmers. Well, gladly those ignorant self declared developers use Java and not C, don't you agree?
Some more of your wrong assumptions:
A lot of embedded systems in our days are written in Java
I know what reentrant means. Just for your reference
No, Java has not abstracted reentrance problems away. However it offers language level constructs to tackle it. (the synchronized keyword)
Java to native compilers exist since the first days of Java.
Java VMs exist for nearly any thinkable platform, however Sun only offers 3, as far as I know.
Surely you are still right, as you get C for really every platform.
Most VMs compile byte code on the fly to native code
If you need an embedded VM and like to talk to Java people who are fully aware of how a machine works, you probably should visit the Wonka web site.
http://wonka.acunia.com/
By googling for "Embedded Java VM" you find a lot of vendors offering similar products.
Anyway, I don't challenge your reputation as C developer. However I hope you will meet some profound Java developers as well in your life
angel'o'sphere
P.S. I only used C for 2 years and switched to C++ then
Re:What idiots (Score:2)
All industry software projects I'm involved in are in
HINT: it's not C and it's not C++.
Maybe in the world you are in, but if I look on my PC there's not one single application that's written in Java. I write software for embedded systems and that's mostly still C and C++ (with a touch of assembler).
Furthermore, an implementation in C would be more useful because practically any platform supports a C compiler, whereas by far not all do support a Java VM.
Not that I think an implementation in Java is bad though. It may be that the majority of apps needing this technology are actually written in Java...
Re:What idiots (Score:2)
Java is just emerging in the embedded system area.
I consult in writing enterprise wide IT solutions. If the desktop is involved in that, then Visual Basic is the preferred solution (not by me, but by the customers).
Why? Well, the desktop is Windows, sadly
On my PC the only Java applications are CASE tools written in Java, the IDE, written in Java and the tools, written in Java, like ant, tomcat etc.
angel'o'sphere
Re:What idiots (Score:1)
All industry software projects I'm involved in are in
Absolutely... I love C/C++, but haven't done anything work-related in it for at least two years now.
Re:What idiots (Score:1, Insightful)
Re:What idiots (Score:4, Interesting)
However, if this technology requires the client to implement some complex authentication stuff, you've got a problem. Exclusively tying your reference implementation to 'weighty' technologies like
Every language is a niche language. (Score:2, Interesting)
C is a low level language that nearly nobody understands. Sure, anyone can look at the language as a whole and think they ``get it,'' but the number of buggy C applications out there speak for its complexity.
Java is a good high-level language. Most applications need to be written in high-level languages. That means that most developers should be using high-level languages to get these things written.
C is good for writing the low-level portions of operating systems, and perhaps some embedded work.
For those who still complain about the speed of java, look to languages like ocaml and the bigloo scheme compiler. In my tests, they both produce insanely fast code (slightly slower than the C from which I translated it, faster than anything else), but are high-level languages well suited for general application development.
Re:Every language is a niche language. (Score:2)
Are you sure?
Then why do the access control rules need to be specified in another language (XACML)?
And why can't users work with Java code?
Re:Every language is a niche language. (Score:2, Insightful)
Java is not a high level language (Score:1)
When will the myth ever die? Java is not a high-level language. Neither is C nor C++. They are all categorized as low-level languages. Being high or low-level has nothing to do with how "good" a language is or how much hype or popularity or evangelism it has. Go study the theory of programming languages.
The level of a language has to do with the expressiveness of the paradigms (concepts) you can use directly in the language. In this regard it can be easily argued that C++ is of a higher-level than Java because it supports the programming paradigm of generics, whereas Java in its current form does not. But then look at something like Python [python.org] and its many higher-level features such as dictionaries (associative arrays), generators, or even built-in infinite-precision numbers and imaginary numbers. In those cases the language allows you to directly express those complex concepts that you have to "program" yourself (or use libraries) using lower level languages. And then you can progress up to languages like Haskell [haskell.org] and so forth which are higher-level still.
As another example, it should be obvious that within its intended problem domain even a language like SQL is of a higher-level than Java, and SQL is still just of some intermediate level. Even some generally unpopular old languages have some high-level features not found in Java/C/C++ like Scheme's continuations or COBOL's PIC formatting or Fortran's matrix arithmetic. I know you can program those in Java, but those high-level concepts are not directly provided by Java.
In the big picture of all the languages out there Java is decidedly pretty far over on the scale of being low-level. Again level is not a scale of goodness, so don't fall into that misconception and use that term as such.
Re:What idiots (Score:5, Informative)
Besides, this kind of thing would typically be used in a web application environment, where C typically is not the language of choice (mostly because core dumps are not acceptable in a server environment). And guess what, Sun happens to produce some of the most popular tools and techniques for web applications (mostly Java based).
Re:What idiots (Score:5, Insightful)
Did it occur to you that Sun would write the code to match whatever use fits THEM the best? The fact that they then turn around and make the code OS is a gesture on their part. Did you think they sat around and said "hey, let's write an implementation of this for the masses"? Nope, their needs came first, as it should be.
The force has light and dark sides (Score:1)
Who will use it, and for what purposes??
A generic digital restrictions management component such as XACML, TCPA, or the technology formerly known as Palladium can be used for good (protect the privacy and integrity of personal information) or for evil (deny fair uses of copyrighted works).
Re:oss'ed DRM? - NEWS FLASH (Score:1, Funny)
Re:jeeez... (Score:1)
Here is a PDF, I found it in, oh, 2 seconds. Granted, Docbook would have been better seeing as it's an OASIS Specification itself.