Is ALFA a Part of the OASIS XACML Technical Committee Series of Standards?

The Abbreviated Language for Authorization (ALFA)is a pseudocode language used in the formulation of access control policies. ALFA maps directly into the eXtensible Access Control Markup Language (XACML) and contains the same structural elements as XACML (i.e. PolicySet, Policy, and Rule).

The Organization for the Advancement of Structured Information Standards (OASIS) is a nonprofit, international consortium which promotes the adoption of product-independent standards for information formats such as XACML.

Abbreviated Language for Authorization (ALFA)

Originally named the Axiomatics Language for Authorization, ALFA was developed by Axiomatics head of R&D Pablo Giambiagi to provide policy developers a more lightweight notation as an alternative to XML-based XACML. In order to advance the standardization of ALFA, Axiomatics donated the language to the OASIS XACML Technical Committee (TC). Axiomatics announced the donation on March 14th, 2014.

On March 10, 2015, the Abbreviated Language for Authorization Version 1.0 Working Draft was submitted by Pablo Giambiagi, Srijith K. Nair, and David Brossard to the XACML TC with the following abstract:

“The aim of this profile is to propose a domain-specific language for an abbreviated high-level description of XACML authorization policies. The XACML policy syntax is specified in the core XACML specification. This profile leverages it.”

ALFA is not yet a part of the OASIS series of standards, but we are excited about the prospect of OASIS providing a standardization of this language. Due to its ease of use and similarity to third and fourth generation programming languages like Java and C#, ALFA is often the preferred policy authorizing mechanism for many of Axiomatics’ customers.

According to the OASIS TC process guidelines, the standards track for Work Products progress as follows:

  1. Committee Specification Draft,
  2. Committee Specification Public Review Draft,
  3. Committee Specification,
  4. Candidate OASIS Standard,
  5. OASIS Standard,
  6. Approved Errata.

The Abbreviated Language for Authorization Version 1.0 Working Draft, contains the following status:

“This Working Draft (WD) has been produced by one or more TC Members; it has not yet been voted on by the TC or approved as a Committee Draft (Committee Specification Draft or a Committee Note Draft). The OASIS document Approval Process begins officially with a TC vote to approve a WD as a Committee Draft. A TC may approve a Working Draft, revise it, and re-approve it any number of times as a Committee Draft.”


At the writing of this Question of the Week (QoW), the Abbreviated Language for Authorization Version 1.0 Working Draft has not yet been voted by the TC or approved as a Committee Draft. Therefore this document has a few more steps to go through before becoming an OASIS standard, but it is on the path to becoming so.  

If you would like to become involved in the process of ALFA becoming an OASIS standard, then navigate to the OASIS XACML Technical Committee. Here you will find information about participating in this effort, either as a member of the committee or providing comments during the public review.  

Further Reading

ALFA for XACML v.1.0
Webinar on ALFA
Using ALFA Eclipse plugin to author XACML policies

Other Blogs

3 keys to re-evaluate your authorization management
On May 27, I had the pleasure to join the KuppingerCole KCLive event with several industry peers in a panel discussion about  “Enabling the Future...
How OAuth is related to Attribute Based Access Control
What is Authorization? Authorization, also referred to as Access Control, is the process that follows authentication (which checks your identity and ensures that you are...
Modern Enterprise Authorization Management System
Gartner has an interesting article titled “Modernize Your Runtime Authorization” that highlights some aspects you need from a modern enterprise authorization systems. Over the years...