Sun's XACML Implementation Developer Tasks
Because the tasks, thus far, have been addressed by a small group,
and because the list isn't growing very fast, this hasn't been moved
to the Sourceforge task tracking system. If the task turnover rate
increases, this may change. If you have strong feelings one way or the
other on this, please mail us!
This is a list of concrete and abstract tasks that have already been
identified as good next steps for this project. Interested? Feel free
to sign up for some, or offer your own ideas.
There are several small and large changes/additions that we have
already identified as important to this project. If you're looking for
something to do to get you started with the codebase, you might
consider working on one of these tasks. If you've got questions about
these tasks, want to suggest other tasks, or want to start working on
a task listed here, check out this page on how
to get started as a developer on this project.
Note: With the 1.2 release finished, we're starting to look at
what has to happen for a 2.0 release. This will involve a lot of work,
but the task list isn't ready yet. For the time being, all that's left
here are the few things that didn't get picked up for the 1.2
release. If you're interested in what else needs to get done, or if
you have specific things you'd like to see happen in 2.0, please let
- The three optional XPath functions are the only standard
functions not supported in the current codebase. Support for
these functions should be added in such a way that it's easy to
remove/replace different implementations that use different XPath
- The Target interface should be cleaned up so it's easier to work
with the TargetMatch objects.
These are some general tasks that we need people to start considering.
- Performance. No one has taken a long, hard look at how to
optimize any of the performance issues in the code. There are
undoubtedly a lot of obvious and not-so-obvious tasks available
here. Working on performance tuning as well as performance analysis
would be very helpful.
- Protocol Design. There have been some discussions about
the online protocols that are used to talk between a PDP and PEP, about
potential protocols to talk to a PEP, about how the PDP communicates
with outside sources, etc. Working on prototypes or within some
standards bodies, it would be useful to start fleshing out some of
these protocols, which might be XML-based or might have some tighter
representation (like a simple binary protocol for talking to a PEP
from a constrained device). Note that some work has been done with
SAML, and and SAML 2.0 will probably include some standard ways to
query an online PDP. Mail us if you want to know more.
- Working With Existing Systems. Part of what will make
XACML really powerful is interoperating with other standards. Work
is already underway to define how policies are stored in LDAP,
attributes are shared using SAML, etc. Working on specifications or
prototyping code to connect XACML and other related standards will
be a very important task.
- Management. People will have to work with XACML policies,
both writing them and then managing them. Good tools and interfaces
are needed to make XACML a success. We would welcome your thoughts
and experiences in this space. This is one of the next big projects
that will be starting here soon.
Copyright 2003-2004 Sun Microsystems, Inc. All rights reserved. Use is
subject to license terms.
Sun, Sun Microsystems, the Sun Logo, and Java are trademarks or
registered trademarks of Sun Microsystems, Inc. in the US and other
Last Updated On: July 16, 2004