XACML 3.0 is officially recognized as a standard by OASIS
Stockholm 24/01/13 – Axiomatics, the first organization to attest conformance to eXtensible Access Control Markup Language (XACML) 3.0, is happy to announce that XACML 3.0 has now been officially recognized as a standard. This version of XACML has been in use since 2010 and it received the Influential Standardization Efforts Award at the European Identity Conference in Munich, May 2011. At the close of voting on 24th January 2013, the required number of votes had been received from members of the Organization for the Advancement of Structured Information Standards (OASIS) to officially grant XACML the status of a standard.
Since its inception in 2001, the scope of XACML has increased considerably. In its initial form it was designed to protect XML resources, now it can be used to protect web APIs, Service Oriented Architectures, REST services, mobile and SaaS applications and databases. Other enhancements that leverage XACML 3.0 include profiles such as the Multiple Decision Profile for XACML 3.0, which delivers vast performance gains as well as the obligation expression. This enables a reason to be given to a request in additional to providing an answer of Deny or Permit.
According to Erik Rissanen, Editor of the XACML 3.0 standard and CTO of Axiomatics, ”XACML 3.0 brings increased security to access control, while offering greater flexibility, in particular with regards to how it can be applied to an enterprise-wide authorization solution. For example, XACML 3.0 has been fundamental for Axiomatics to be able to deliver authorization solutions for a number of its global manufacturing customers who must comply with strict US export control and intellectual property regulations.” The XACML technical committee, which is made up of representatives from XACML solution suppliers, integrators and user organizations, are now focusing on designing profiles that make it easier to onboard new applications. These include the REST profile for XACML and the JSON profile for XACML, which will help lower the barrier to entry for cloud application and API developers.
“As the use cases for XACML 3.0 continues to expand, we expect take up of the language within the Identity and Access Management (IAM) sphere to increase,” continues Rissanen. “In support of this at Axiomatics we have developed a hybrid language, known as Axiomatics Language for Authorization (ALFA). The syntax is similar to Java and C# and acts as a bridge to XACML, allowing a much wider group of developers access to the XACML technology” concludes Rissanen.
Axiomatics, located in Stockholm, Sweden and Salt Lake City, USA, is the leading provider of fine-grained and attribute-based authorization (ABAC) solutions. The company has a global customer base within healthcare, finance, manufacturing and the public sector, among others. The company’s solutions help protect systems against unauthorized use while enabling secure sharing of information within and across enterprise borders. Axiomatics actively contributes to the development of the XACML standard and has editorial responsibilities within the OASIS Technical Committee.