Organization for the Advancement of Structured Information Standards (OASIS)
First appeared: April 16, 2001[1]
License: OASIS
Filename extensions: .xml, .alfa
Website: www.oasis-open.org
Major implementations: Axiomatics, AuthzForce
Dialects: ALFA (XACML)
Influenced by: XML, SAML
Influenced: ALFA (XACML)
The eXtensible Access Control Markup Language (XACML) is an XML-based standard markup language for specifying access control policies. The standard, published by OASIS, defines a declarative, fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.[2]
XACML is primarily an attribute-based access control system. In XACML, attributes – information about the subject accessing a resource, the resource to be addressed, and the environment – act as inputs for the decision of whether access is granted or not.[3] XACML can also be used to implement role-based access control.[4]
In XACML, access control decisions to be taken are expressed as Rules. Each Rule comprises a series of conditions which decide whether a given request is approved or not. If a Rule is applicable to a request but the conditions within the Rule fail to evaluate, the result is Indeterminate. Rules are grouped together in Policies, and a PolicySet contains Policies and possibly other PolicySets. Each of these also includes a Target, a simple condition that determines whether it should be evaluated for a given request. Combining algorithms can be used to combine Rules and Policies with potentially differing results in various ways. XACML also supports obligations and advice expressions. Obligations specify actions which must be executed during the processing of a request, for example for logging. Advice expressions are similar, but may be ignored.[3]
XACML separates access control functionality into several components. Each operating environment in which access control is used has a Policy Enforcement Point (PEP), which implements the functionality to demand authorization and to grant or deny access to resources. The PEPs refer to an environment-independent, central Policy Decision Point (PDP), which actually makes the decision on whether access is granted. The PDP refers to policies stored in the Policy Retrieval Point (PRP). Policies are managed through a Policy Administration Point (PAP).[3]
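The evaluation flow described above (Target, Rule conditions, Indeterminate, a combining algorithm, obligations, and the PEP/PDP split) can be modelled in a few lines. This is an added example, not code from OASIS or from any XACML implementation: the names Rule, Policy, pep_allows and RECORDS and the attribute keys are assumptions, and the combining step is a simplified deny-overrides that ignores the standard's finer Indeterminate distinctions.

```python
from dataclasses import dataclass, field
from typing import Callable

PERMIT, DENY, NA, INDET = "Permit", "Deny", "NotApplicable", "Indeterminate"

@dataclass
class Rule:
    effect: str                         # PERMIT or DENY
    target: Callable[[dict], bool]      # simple applicability check
    condition: Callable[[dict], bool]   # raises KeyError on a missing attribute

    def evaluate(self, req: dict) -> str:
        if not self.target(req):
            return NA
        try:
            return self.effect if self.condition(req) else NA
        except KeyError:                # applicable, but the condition could not be evaluated
            return INDET

@dataclass
class Policy:
    target: Callable[[dict], bool]
    rules: list
    obligations: dict = field(default_factory=dict)   # decision -> actions for the PEP

    def evaluate(self, req: dict):
        """PDP side: simplified deny-overrides (Deny > Indeterminate > Permit)."""
        if not self.target(req):
            return NA, []
        results = [rule.evaluate(req) for rule in self.rules]
        for decision in (DENY, INDET, PERMIT):
            if decision in results:
                return decision, self.obligations.get(decision, [])
        return NA, []

def pep_allows(policy: Policy, req: dict, audit_log: list) -> bool:
    """PEP side, deny-biased: anything other than an explicit Permit is refused."""
    decision, obligations = policy.evaluate(req)
    audit_log.extend(f"{action}:{decision}" for action in obligations)  # obligations must run
    return decision == PERMIT

# Constructed sample policy: doctors may read records, but never outside 08:00-18:00.
RECORDS = Policy(
    target=lambda r: r.get("resource.type") == "record",
    rules=[
        Rule(PERMIT, lambda r: r.get("action") == "read", lambda r: r["subject.role"] == "doctor"),
        Rule(DENY, lambda r: True, lambda r: not 8 <= r["env.hour"] < 18),
    ],
    obligations={PERMIT: ["log"], DENY: ["log"]},
)
```

A request that omits env.hour makes the Deny rule Indeterminate, so the PEP refuses it even though the Permit rule matched; a PEP that treated Indeterminate or NotApplicable as Permit would let a caller bypass the time restriction by withholding an attribute.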
Version 3.0 was ratified by OASIS in January 2013.[5]
[1] Best, Karl (16 April 2001). "OASIS TC call for participation: XACML". OASIS. Retrieved 31 October 2016.
[3] Ferraiolo, David; Chandramouli, Ramaswamy; Hu, Vincent; Kuhn, Rick (October 2016). A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications (Report). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-178.
[4] See for example De la Rosa Algarín, Alberto; Ziminski, Timoteus B.; Demurjian, Steven A.; Kuykendall, Robert; Rivera Sánchez, Yaira K. (2013). Defining and Enforcing XACML Role-based Security Policies within an XML Security Framework. Proceedings of the 9th International Conference on Web Information Systems and Technologies. doi:10.5220/0004366200160025.
[5] eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard.