What is XACML?
eXtensible Access Control Markup Language (XACML) is a structured language for expressing access-control policies, together with a request/response protocol for access requests and decisions. XACML is developed as a standard within the Organization for the Advancement of Structured Information Standards (OASIS).
The XACML language is built from a small number of building blocks.
A Rule defines an effect (Permit or Deny) for a target, which is described in terms of attributes of the subject, resource, action and environment, together with conditions on those attributes.
A Policy consists of rules and a rule-combining algorithm that defines how effects of rules override each other.
A Policy Set consists of policies and a policy-combining algorithm that defines how effects of policies override each other.
Besides the structured language and the query-response protocol, XACML defines a higher-level architecture consisting of the following functional components.
- Policy Decision Point (PDP) - the heart of an XACML solution that makes the access decisions.
- Policy Enforcement Point (PEP) - the most security-critical component in the solution, which protects the resources and enforces the PDP's decision.
- Policy Information Point (PIP) - the external information store providing the attribute data needed for access decisions.
- Policy Repository (PR) - the XACML policy storage.
- Policy Administration Point (PAP) - the XACML policy editor.
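The building blocks and components described above, as an added illustration that is not code from the page or from OASIS: a miniature XACML-style engine in Python that models Rule, Policy and Policy Set with rule- and policy-combining algorithms, and splits the runtime into a PEP that enforces, a PDP that decides, and a PIP that supplies subject attributes. The attribute ids, the directory contents and the two policies are constructed for this example; only the decision values (Permit, Deny, NotApplicable, Indeterminate) and the combining-algorithm names follow XACML, and the algorithms are simplified to their core ordering.

```python
"""Miniature XACML-style engine (added example; not from the page or OASIS).
Attribute ids, directory and policies are constructed for illustration."""
import copy
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Attrs = Dict[str, Dict[str, str]]  # category -> attribute-id -> value
PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"


@dataclass
class Rule:
    effect: str                                   # PERMIT or DENY
    target: Attrs = field(default_factory=dict)   # attribute values that must match
    condition: Optional[Callable[[Attrs], bool]] = None

    def evaluate(self, req: Attrs) -> str:
        # Target: every listed attribute must be present with the given value.
        for cat, wanted in self.target.items():
            for attr_id, value in wanted.items():
                if req.get(cat, {}).get(attr_id) != value:
                    return NOT_APPLICABLE
        # Condition: a predicate over the request. An attribute it needs but
        # cannot find yields Indeterminate instead of a silent effect.
        if self.condition is not None:
            try:
                if not self.condition(req):
                    return NOT_APPLICABLE
            except (KeyError, TypeError):
                return INDETERMINATE
        return self.effect


# Combining algorithms (simplified): resolve the effects of children.
def deny_overrides(decisions: List[str]) -> str:
    for d in (DENY, INDETERMINATE, PERMIT):
        if d in decisions:
            return d
    return NOT_APPLICABLE


def permit_overrides(decisions: List[str]) -> str:
    for d in (PERMIT, INDETERMINATE, DENY):
        if d in decisions:
            return d
    return NOT_APPLICABLE


def first_applicable(decisions: List[str]) -> str:
    return next((d for d in decisions if d != NOT_APPLICABLE), NOT_APPLICABLE)


COMBINERS = {"deny-overrides": deny_overrides,
             "permit-overrides": permit_overrides,
             "first-applicable": first_applicable}


@dataclass
class Policy:
    algorithm: str            # rule-combining algorithm
    rules: List[Rule]

    def evaluate(self, req: Attrs) -> str:
        return COMBINERS[self.algorithm]([r.evaluate(req) for r in self.rules])


@dataclass
class PolicySet:
    algorithm: str            # policy-combining algorithm
    children: list            # Policy or PolicySet instances

    def evaluate(self, req: Attrs) -> str:
        return COMBINERS[self.algorithm]([c.evaluate(req) for c in self.children])


# PIP: constructed directory supplying subject attributes the PEP does not send.
DIRECTORY = {"alice": {"role": "doctor", "clearance": "high"},
             "bob": {"role": "doctor"}}          # bob has no clearance attribute


def pip_enrich(req: Attrs) -> Attrs:
    enriched = copy.deepcopy(req)
    enriched["subject"].update(DIRECTORY.get(req["subject"]["subject-id"], {}))
    return enriched


# Constructed policy set: a records policy (deny-overrides) and a blanket
# deny on delete, combined with deny-overrides at the policy-set level.
POLICY_SET = PolicySet("deny-overrides", [
    Policy("deny-overrides", [
        Rule(PERMIT, target={"subject": {"role": "doctor"},
                             "action": {"action-id": "read"},
                             "resource": {"type": "medical-record"}}),
        Rule(DENY, target={"resource": {"type": "medical-record"}},
             condition=lambda r: r["resource"]["classification"] == "restricted"
             and r["subject"]["clearance"] != "high"),
    ]),
    Policy("first-applicable", [Rule(DENY, target={"action": {"action-id": "delete"}})]),
])


def pdp_decision(subject_id: str, action: str, classification: str) -> str:
    """PDP: build the request, pull attributes from the PIP, evaluate."""
    req = {"subject": {"subject-id": subject_id},
           "action": {"action-id": action},
           "resource": {"type": "medical-record", "classification": classification},
           "environment": {}}
    return POLICY_SET.evaluate(pip_enrich(req))


def pep_allows(subject_id: str, action: str, classification: str) -> bool:
    """PEP: deny-biased enforcement; only an explicit Permit opens the resource."""
    return pdp_decision(subject_id, action, classification) == PERMIT
```

The PEP treats everything but Permit as a refusal, so a NotApplicable (no policy covers the request) or an Indeterminate (the deny rule could not evaluate because the PIP returned no clearance for bob) both fail closed; that deny-biased PEP behaviour is the reason the page calls the PEP the most security-critical component.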