The Open Group has received the first draft of the Authorization Services API. One of the goals of this API is to provide enterprise network administrators with a way to specify their security policies, so that they can be changed or invoked depending on situation. Such a policy could limit user access to certain times of the day, to a certain form of authentication or to a certain dollar amount, for example. In the words of Jim Curtin, president and CEO of Open Group member company DASCOM: The Authorization API can be used in all sorts of applications to reduce the cost and time-to-market in developing any network- based applications.
The idea is to have an authorization service working as a network-resident access control policy enforcement engine, in Curtin’s catchy phrase. The benefits extend beyond just cost of development and time-to-market, Curtin argues. There are also substantial returns on having a common management point to set and administer policy. Through DASCOM’s IntraVerse product, web applications, CORBA, MQ and traditional client-server applications are making use of the new API via IntraVerse. DASCOM has published the Authorization API from IntraVerse to The Open Group in the hopes that it will take the fast track to recognition as a standard. DASCOM is a past sponsor of the Open Group Research Institute, and is a co-author of the RFC 68.4 standard, already in the Fast Track process. IBM and HP have joined DASCOM in recognizing the potential benefits of the new API. á