We need standards for Model Driven Security. There are primarily two reasons for this:
- we need to avoid vendor lock-ins, because they will hurt end-users and vendors alike.
- we need to avoid market fragmentation into dozens of products that have their own way of expressing security models
If industry is not commited to preventing vendor lock-ins and market fragmentation, then Model Driven Security would take much longer to become mainstream. Also, the shakeout in the market would be bloodshed, where innovation typically goes out of the window.
As a consequence, ObjectSecurity and several OMG members have come together at the Object Management Group (OMG) consortium to work towards a Model Driven Security Policy standard. This standard should specify a common vocabulary which allows policies to be transferable between different vendors' tools. An RFI has just been issued by the OMG.
Please contact us if you would like to know more about this.