Is ALFA a Part of the OASIS XACML Technical Committee Series of Standards?

The Abbreviated Language for Authorization (ALFA)is a pseudocode language used in the formulation of access control policies. ALFA maps directly into the eXtensible Access Control Markup Language (XACML) and contains the same structural elements as XACML (i.e. PolicySet, Policy, and Rule).

The Organization for the Advancement of Structured Information Standards (OASIS) is a nonprofit, international consortium which promotes the adoption of product-independent standards for information formats such as XACML.

Abbreviated Language for Authorization (ALFA)

Originally named the Axiomatics Language for Authorization, ALFA was developed by Axiomatics head of R&D Pablo Giambiagi to provide policy developers a more lightweight notation as an alternative to XML-based XACML. In order to advance the standardization of ALFA, Axiomatics donated the language to the OASIS XACML Technical Committee (TC). Axiomatics announced the donation on March 14th, 2014.

On March 10, 2015, the Abbreviated Language for Authorization Version 1.0 Working Draft was submitted by Pablo Giambiagi, Srijith K. Nair, and David Brossard to the XACML TC with the following abstract:

“The aim of this profile is to propose a domain-specific language for an abbreviated high-level description of XACML authorization policies. The XACML policy syntax is specified in the core XACML specification. This profile leverages it.”

ALFA is not yet a part of the OASIS series of standards, but we are excited about the prospect of OASIS providing a standardization of this language. Due to its ease of use and similarity to third and fourth generation programming languages like Java and C#, ALFA is often the preferred policy authorizing mechanism for many of Axiomatics’ customers.

According to the OASIS TC process guidelines, the standards track for Work Products progress as follows:

  1. Committee Specification Draft,
  2. Committee Specification Public Review Draft,
  3. Committee Specification,
  4. Candidate OASIS Standard,
  5. OASIS Standard,
  6. Approved Errata.

The Abbreviated Language for Authorization Version 1.0 Working Draft, contains the following status:

“This Working Draft (WD) has been produced by one or more TC Members; it has not yet been voted on by the TC or approved as a Committee Draft (Committee Specification Draft or a Committee Note Draft). The OASIS document Approval Process begins officially with a TC vote to approve a WD as a Committee Draft. A TC may approve a Working Draft, revise it, and re-approve it any number of times as a Committee Draft.”


At the writing of this Question of the Week (QoW), the Abbreviated Language for Authorization Version 1.0 Working Draft has not yet been voted by the TC or approved as a Committee Draft. Therefore this document has a few more steps to go through before becoming an OASIS standard, but it is on the path to becoming so.  

If you would like to become involved in the process of ALFA becoming an OASIS standard, then navigate to the OASIS XACML Technical Committee. Here you will find information about participating in this effort, either as a member of the committee or providing comments during the public review.  

Further Reading

ALFA for XACML v.1.0
Webinar on ALFA
Using ALFA Eclipse plugin to author XACML policies

Related Articles

Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...
Response to White House meeting on cybersecurity and NIST updates | Dynamically Speaking
Dynamically Speaking
Our customers tell us constantly – security challenges continue to evolve and become more complex almost daily. It’s why we engage in conversations with enterprises...