eXtensible authorization

IT benefits

With XACML and Attribute Based Access Control (ABAC) you manage access to a heterogeneous collection of information assets regardless of where they reside. Furthermore, you establish a clean separation between IT and business managers; the former concentrate on providing the required IT functions to support business processes, the latter ensure corporate policies for their use are in place.

These are some of the key values you can expect to gain from an XACML based authorization solution from Axiomatics:

  • Reduce the need to invest in vendor-specific competencies. User and access management parts of IT systems put a burden on IT organizations since each system typically comes with its own clever configuration options. XACML policy authoring competencies represent a future-proof investment since software will by and by shift to a standardized way of dealing with user permissions.
  • Simplify and standardize development. Application code maintained in-house or by hired professional services typically contains some 20% of functionality related to access management. Externalizing authorization helps simplify and reduce the effort required for development. Furthermore, rather than having to come up with new smart ways of solving problems related to access, you can refer staff members to a standard in related development and deployment tasks.
  • Internal control efficiency. Synchronizing user permissions across systems and security domains in accordance with corporate governance regimes is becoming an increasingly impossible task since the IT environment itself tends to be "on the move". Business-critical systems escape the control of IT managers "into the cloud"; sourcing partners, who in turn may rely on further layers of third parties, play a more important role; and so on. CIOs facing audits therefore have difficulties claiming they are in control. XACML brings a remedy. Consistently enforcing policies, regardless of where a user requests information from and where the response is generated, puts internal controls back into the hands of the information owner, in a manner that radically simplifies auditing.
  • Eliminating user provisioning. In legacy systems, user permissions are set via user profiles, role configurations and the like. Many organizations maintain user identities and related parameters in hundreds or even thousands of separate systems. With the move towards LDAP or other centralized directories, the number of systems in which user accounts are being maintained may have stopped growing, but configurations related to user permissions will still have to be provisioned. Systems protected by XACML Policy Enforcement Points, by contrast, require no management of user permissions locally. A whole suite of technology and manual procedures can be retired for good.
  • Simplifying IT alignment with business requirements. Communication between IT and business managers becomes difficult where the technical aspects of IAM are in focus rather than the business requirements. The business manager says "we must be able to trace attestations consistently in all of our supply chain management steps" and the IT manager answers "who should be allowed to run MD04 transactions?" Their conversation never ends. With XACML and Attribute Based Access Control (ABAC) this interaction becomes more productive. The business managers can ask: "How do we know that our XACML policies are aligned with our corporate supply chain policies?" and the IT manager simply responds with a report produced by Axiomatics Policy Auditor.