oasis-tcs / xacml-spec

OASIS XACML TC: List for tracking issues and features for the OASIS XACML TC. https://github.com/oasis-tcs/xacml-spec

Is XACML the right name? #35

Open steven-legg opened 1 month ago

steven-legg commented 1 month ago

We're intending to make it possible to implement the next version of XACML exclusively using JSON (so without touching XML at all). However, anyone seeing "XACML 4.0" is likely to assume that it is still based on XML and may not look any deeper. Should we be calling the next iteration something else?

What we call things is intertwined with how we separate the specification into multiple documents and how we present the JSON (Schema) versus XML (Schema) representations, which we give prominence and what is deemed optional. We should consider a potential rename first because it will drive those decisions.

Here are some thoughts in no particular order.

The X in XACML doesn't really stand for XML but kind of implies it, so we swap that out (JACML) or drop it and be agnostic (ACML). The "ML" (markup language) is also a bit of a throwback to the XML world so maybe we just shorten JACML to JACL.

A question arises over the version number. JACL 4.0 and ACML 4.0 are a bit strange without there being a preceding JACL 3 or ACML 3.

We could go with an overarching name (e.g., ACML 1.0) that has two representations known as JACL 1.0 and XACML 4.0, either of which could be an optional, separate profile. That solves the versioning question and indicates the continuity from XACML 3.0 to XACML 4.0.

We could name the representations relative to the overarching name, e.g., ACML-J 1.0, ACML-X 1.0 (a.k.a. XACML 4.0). Or ACML-JSON and ACML-XML.

ACML still has that "M" stuck in there, but ACL is a bit too nondescript. Perhaps we swap the X to E and drop the M: XACML -> EACL, perhaps with representations JEACL 1.0 and XACML 4.0.

steven-legg commented 1 month ago

ALFA 2.0 can slot in beside JACL 1.0 and XACML 4.0.

cdanger commented 1 month ago

I would avoid anything with suffix "ACL" which may lead people to think this is a language for ACLs = Access Control Lists. (XACML is much more, this is ABAC!) Maybe ACPL instead? (P for Policy), so JACPL, XACPL (a.k.a. XACML), YACPL (for YAML)...

steven-legg commented 1 month ago

If we swap "access control" (AC) with "authorization" (A) we get the easier to pronounce JAPL, XAPL and YAPL ("japple", "zapple" and "yapple") and of course the specification that ties them together is the APL Core 😄.

humantypo commented 1 month ago

JAzL, XAzL? AuthZ Language. Mixed cases, nice syllabic tempo. Rhymes with dazzle 😄

cdanger commented 1 month ago

> If we swap "access control" (AC) with "authorization" (A) we get the easier to pronounce JAPL, XAPL and YAPL ("japple", "zapple" and "yapple") and of course the specification that ties them together is the APL Core 😄.

Yeah I thought of "APL" as well (as in Abac Policy Language or Authorization Policy Language works too) but then I stumbled upon an open source ABAC project called APL: https://github.com/intuit/identity-authz-apl ... which decided to go with its own language, so not XACML :-( .

But if you think that's no big deal, I'm fine with either APL or AzL (JAzL sounds cool for sure, but XAzL a bit hard to pronounce for me).