XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.[2]

ParadigmDeclarative programming
DeveloperOrganization for the Advancement of Structured Information Standards (OASIS)
First appearedApril 16, 2001; 21 years ago (2001-04-16)[1]
Filename extensions.xml , .alfa
Major implementations
Axiomatics, AuthzForce
Influenced by

As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors. XACML is primarily an attribute-based access control system (ABAC), also known as a policy-based access control (PBAC) system, where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC.[citation needed]

The XACML model supports and encourages the separation of enforcement (PEP) from decision making (PDP) from management / definition (PAP) of the authorization. When access decisions are hard-coded within applications (or based on local machine userids and access control lists (ACLs)), it is very difficult to update the decision criteria when the governing policy changes and it is hard to achieve visibility or audits of the authorization in place. When the client is decoupled from the access decision, authorization policies can be updated on the fly and affect all clients immediately.[citation needed]

Version 3.0 was ratified by OASIS in January 2013.[3]

See alsoEdit


  1. ^ Best, Karl (16 April 2001). "OASIS TC call for participation: XACML". OASIS. Retrieved 31 October 2016.
  2. ^ "pure-xacml". www.axiomatics.com. Retrieved 2016-04-27.
  3. ^ eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard, eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard.

External linksEdit