XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.[2]
| Paradigm | Declarative programming |
|---|---|
| Developer | Organization for the Advancement of Structured Information Standards (OASIS) |
| First appeared | April 16, 2001[1] |
| License | OASIS |
| Filename extensions | .xml , .alfa |
| Website | www.oasis-open.org |
| Major implementations | |
| Axiomatics, AuthzForce | |
| Dialects | |
| ALFA (XACML) | |
| Influenced by | |
| XML, SAML | |
| Influenced | |
| ALFA (XACML) | |
As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors. XACML is primarily an attribute-based access control system (ABAC), also known as a policy-based access control (PBAC) system, where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC.[citation needed]
The XACML model supports and encourages the separation of enforcement (PEP) from decision making (PDP) from management / definition (PAP) of the authorization. When access decisions are hard-coded within applications (or based on local machine userids and access control lists (ACLs)), it is very difficult to update the decision criteria when the governing policy changes and it is hard to achieve visibility or audits of the authorization in place. When the client is decoupled from the access decision, authorization policies can be updated on the fly and affect all clients immediately.[citation needed]
Version 3.0 was ratified by OASIS in January 2013.[3]
See alsoEdit
ReferencesEdit
- ^ Best, Karl (16 April 2001). "OASIS TC call for participation: XACML". OASIS. Retrieved 31 October 2016.
- ^ "pure-xacml". www.axiomatics.com. Retrieved 2016-04-27.
- ^ eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard, eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard.