OASIS has published a draft web service profile for XACML, called WS-XACML. Now, this seems to get very interesting, since it has the potential to truly deliver ‘User-Centric’ identity (as opposed to InfoCard’s ServiceProvider-centric identity).
The significant difference here is the availability of two sections in the XACML assertion: one defining the requirements, and the other the capabilities – for BOTH server and client. InfoCard (and its implementations like Windows CardSpace or Higgins) does not really negotiate requirements; instead, the service provider (i.e. the Relying Party) dictates its requirements, and the client will only present an InfoCard conforming to those requirements. With WS-XACML (which – by the way – also works out-of-the-box with rich client applications) there is an initial policy matching of the server’s requirements with the client’s capabilities AND vice versa. The superiority becomes obvious when you think about how easy it is with an InfoCard system to present a card with too much information.
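
A simplified model of the two-way matching described above, added here as an illustration and not taken from the WS-XACML draft. Requirements and capabilities are plain token sets rather than XACML policies; the `Assertion` class, the function names and the token vocabulary are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    # Simplified model of one party's assertion; tokens are a hypothetical vocabulary.
    party: str
    requirements: frozenset   # what this party demands of its peer
    capabilities: frozenset   # what this party is able and willing to do

def unmet(requirer, provider):
    """Requirements of `requirer` that `provider` does not list as capabilities."""
    return sorted(requirer.requirements - provider.capabilities)

def one_sided_match(server, client):
    """Only the server's requirements are checked (the relying party dictates)."""
    return not unmet(server, client)

def mutual_match(server, client):
    """Check both directions; returns (ok, gaps per party, attributes to release)."""
    gaps = {server.party: unmet(server, client),
            client.party: unmet(client, server)}
    ok = not any(gaps.values())
    # Release only what the server asked for, never the client's full capability set.
    release = sorted(server.requirements & client.capabilities) if ok else []
    return ok, gaps, release

# Constructed sample data: the client can release three attributes but demands
# two privacy commitments from the server before releasing anything.
CLIENT = Assertion(
    "client",
    requirements=frozenset({"retention<=30d", "no-third-party-sharing"}),
    capabilities=frozenset({"attr:email", "attr:age-over-18", "attr:postal-address"}))
SERVER_A = Assertion(   # offers only one of the two commitments
    "server",
    requirements=frozenset({"attr:email", "attr:age-over-18"}),
    capabilities=frozenset({"retention<=30d"}))
SERVER_B = Assertion(   # same demands, offers both commitments
    "server",
    requirements=SERVER_A.requirements,
    capabilities=frozenset({"retention<=30d", "no-third-party-sharing"}))

if __name__ == "__main__":
    for name, srv in (("A", SERVER_A), ("B", SERVER_B)):
        print(name, "one-sided:", one_sided_match(srv, CLIENT),
              "mutual:", mutual_match(srv, CLIENT))
```

Server A passes the one-sided check but fails the mutual one because the client's sharing requirement is unmet; with server B the match succeeds and only the two requested attributes are released, not the postal address.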