XACML and Attribute Based Access Control (ABAC) offer a number of benefits that help get your IT and information security strategies aligned with overall business objectives.
These are some of the key values you can expect to gain from an XACML based authorization solution from Axiomatics:
- Time to market. For many organizations, the ability to respond to changing market requirements by means of new on-line service offerings is crucial. Externalized and Attribute Based Access Control (ABAC) plays an important part in reducing the effort needed for new deployments, for several reasons:
  - A good portion of the code maintained in individual applications or services is related to authorization issues - "should the current user be allowed to use this feature?" By externalizing authorization from the code of applications you achieve faster development cycles and leaner software development procedures.
  - Once a service has been deployed, business requirements will change. With externalized authorization, corresponding policy changes can be made without impacting existing applications or services. The business logic of applications will thus be less impacted and necessary code changes less frequent. As a result, interruptions and delays in service delivery can be reduced.
- Regulatory compliance. The most obvious benefit brought by XACML is its strict policy alignment. Rather than asking what IT can do to comply with regulations, business managers can focus on how regulatory frameworks need to impact business processes and corporate policies. Once a "natural language" version of a corporate policy is available, it can be translated to "IT language" using XACML for streamlined and consistent enforcement in related applications and services.
- Governance and risk mitigation. With risk intelligence built into authorization policies, vulnerabilities can efficiently be reduced. The output from risk analysis can effectively be used to elaborate authorization conditions and thereby reduce identified risks. From a governance perspective, controlling access permissions in the IT landscape by means of centrally maintained and automatically enforced policies obviously grants a whole new dimension to internal controls.
- Operational efficiency. Many organizations experience that their old "need-to-know" level access control strategies are insufficient in a world so dependent on users' ability to share and collaborate across organizational borders. A new "need-to-share" paradigm can however not be supported with legacy authorization mechanisms. XACML based technologies in combination with federated identity management enable organizations to collaborate securely and to use shared resources more efficiently.
- Lean business processes. Existing technologies for Identity and Access Management (IAM) have established a whole new layer of procedures and bureaucracy. When a new employee is hired, the provisioning process to register user accounts and parameters in multiple IT systems is time-consuming for a separate staff of identity management administrators, time during which the new employee is unable to work. Whenever job tasks are changed and permissions need to be altered, the same IAM bureaucracy will consume resources and block a user from being productive. With Attribute Based Access Control (ABAC), management of many of the attributes that become privilege-giving is already embedded in existing business processes. Changing a descriptive tag in the document management system may for instance impact access permissions. Thus, privilege management tasks can and will be embedded in everyday job tasks performed anyway, without the need to call a separate Help Desk to have user permissions changed.
- Future-proof ROI. One of the reasons current IAM technologies tend to establish separate and costly layers of technology and processes is the fact that IT systems come with proprietary authorization schemes that are difficult to manage. With the switch to XACML and a standards-based approach, many of the thresholds created by vendor-specific solutions can be overcome. Moreover, we currently are at the beginning of a true paradigm shift towards standards-based interoperability between IAM components, so an investment in XACML today may provide new values not yet foreseen tomorrow.