XACML is an XML specification for expressing access control policies, promoting interoperability and ensuring uniformity in security systems. It eases policy development, controls XML fragments, and supports diverse applications. Learn about its features, schedule, and contributors.
XACML: eXtensible Access Control Markup Language • XML World 2001, 17-19 September, San Francisco, CA • Simon Y. Blackwell, Chairperson, XACML Technical Committee, OASIS; CTO, Psoom, Inc.
XACML • An XML specification for the expression of access control policies that can: • Be applied to anything referenced from XML • Refer to the content of the target of control • Be based on request context variables
XACML Participants • Authentify • CrossLogix • Entitlenet • Entrust • HP • IBM • Jamcracker • Netegrity • Oblix • Psoom • Reuters • Tivoli • University of Milan • Verisign
Cross Committee Representation • SAML • ebXML
Why XACML? • Promote Interoperability • Ensure Uniformity • Ease Development • Control XML Fragments
Promote Interoperability • Multiple vendor security solutions in one enterprise • Shared policy in business partnerships
Ensure Uniformity • Distributed, heterogeneous security systems with inconsistent policy • Multiple database vendors • Custom applications • Firewalls • Operating systems
Ease Development • Separate policy from applications • Standard means for policy to refer to the content of its target and the context of a request
Control XML Fragments • XML documents are frequently used to store information with different security needs • Health records • Contracts
Features • Layered architecture, e.g. • Users -> Groups -> Roles • Targets -> Target Security Levels • Standard Rights -> User Defined Rights • XPATH • Provisional Actions
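Added example, not part of the original slides and not XACML grammar: a Python sketch of fragment-level control over one XML health record, with policy held as data outside the application, subjects resolved through Users -> Groups -> Roles, and targets selected by XPath. The record, user, group and role names and the `filtered_view` helper are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one health record whose parts have different security needs.
RECORD = """<record>
  <patient><name>Pat Doe</name><insurer>Acme Health</insurer></patient>
  <diagnosis>hypertension</diagnosis>
  <billing><amount>120.00</amount></billing>
</record>"""

# Layered subjects, Users -> Groups -> Roles (all names are hypothetical).
USER_GROUPS = {"alice": ["cardiology"], "bob": ["accounts"]}
GROUP_ROLES = {"cardiology": ["clinician"], "accounts": ["billing-clerk"]}

# Policy held as data, apart from the application: (role, right, XPath target).
POLICY = [
    ("clinician", "read", "./patient"),
    ("clinician", "read", "./diagnosis"),
    ("billing-clerk", "read", "./patient/insurer"),
    ("billing-clerk", "read", "./billing"),
]

def roles_for(user):
    """Resolve a user's roles through group membership; unknown users get none."""
    return {r for g in USER_GROUPS.get(user, []) for r in GROUP_ROLES.get(g, [])}

def filtered_view(xml_text, user, right="read"):
    """Parse the document and strip every fragment the policy does not grant."""
    root = ET.fromstring(xml_text)
    roles = roles_for(user)
    granted = set()
    for role, rule_right, xpath in POLICY:
        if role in roles and rule_right == right:
            for node in root.findall(xpath):
                granted.update(node.iter())  # a grant covers the whole subtree

    def prune(elem):
        for child in list(elem):
            if child in granted:
                continue
            prune(child)
            if len(child) == 0:
                elem.remove(child)   # default deny: nothing granted beneath it
            else:
                child.text = None    # kept only as a container; hide its own text
    prune(root)
    return root

if __name__ == "__main__":
    print(ET.tostring(filtered_view(RECORD, "bob"), encoding="unicode"))
```

The billing clerk sees the insurer and billing fragments but not the patient name or diagnosis; a user with no group membership gets an empty record.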
Demonstrations • IBM XACL • University of Milan XAS • Others …
Schedule • December 2001 Candidate Specification • March 2002 v1.0 (grammar focus) • TBD (processing and protocols)
Interim Work To Explore • Standards Contributors • IBM XACL • http://alphaworks.ibm.com/tech/xmlsecuritysuite • University of Milan XAS • http://sansone.crema.unimi.it/~samarati/Papers/www9.pdf • CrossLogix (proprietary) • http://www.crosslogix.com • Other work • http://www.xrml.org (digital rights management) • http://www.odrl.net • Extensive Reference Information • http://www.oasis-open.org/committees/xacml/docs/docs.shtml
For More Information http://www.xacml.org Visit, Participate, Contribute