
Short introduction to Access Control – Part 2

The XACML standard covers three major parts:

  1. Reference Architecture: The standard proposes a reference architecture with commonly accepted names for the various entities involved in the architecture.
  2. Policy Language: The standard defines the syntax of the language used to write access control rules and higher-order policies.
  3. Request/Response scheme: In line with the reference architecture, and using the policy language concepts, the standard also defines a request-response scheme that enables interoperability.

Why XACML?

Since XACML uses Attribute-Based Access Control (ABAC) as its underlying access control model, it enables easy authoring and enforcement of fine-grained access control rules. XACML also benefits from being an open standard: it allows for support from multiple vendors, interoperability across platforms and implementations, and a transparent committee that works to keep the standard in line with the growing demands of the industry and to rectify deficiencies.

As a specification, XACML is powerful enough to handle most, if not all, ABAC needs. It also provides profiles (best practices on how to use XACML to express well-defined usage scenarios) for common scenarios such as RBAC, SAML, Intellectual Property Control and Export Compliance, giving implementers helpful guidance on how to solve common problems.
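The request/response scheme and the attribute-based model described above, as an added example that is not part of the original article or of any XACML product: an enforcement point serialises attributes as a XACML 3.0 `<Request>`, and a toy decision point evaluates them with deny-overrides combining. The rules are a simplified Python stand-in for XACML policy syntax, and the attribute ids (`role`, `type`, `action-id`, `employment-status`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  # XACML 3.0 core namespace
NS = {"x": XACML}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed rules: (effect, required attribute values). A simplified stand-in
# for XACML <Rule> elements; the attribute ids are made up for this example.
RULES = [
    ("Permit", {(SUBJECT, "role"): "doctor", (RESOURCE, "type"): "medical-record",
                (ACTION, "action-id"): "read"}),
    ("Deny", {(SUBJECT, "employment-status"): "suspended"}),
]

def build_request(attrs):
    """PEP side: serialise {(category, attribute id): value} as a XACML 3.0 <Request>."""
    req = ET.Element(f"{{{XACML}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    groups = {}
    for (cat, attr_id), value in attrs.items():
        if cat not in groups:  # one <Attributes> element per category
            groups[cat] = ET.SubElement(req, f"{{{XACML}}}Attributes", Category=cat)
        attr = ET.SubElement(groups[cat], f"{{{XACML}}}Attribute",
                             AttributeId=attr_id, IncludeInResult="false")
        ET.SubElement(attr, f"{{{XACML}}}AttributeValue", DataType=STRING).text = value
    return ET.tostring(req, encoding="unicode")

def evaluate(request_xml, rules=RULES):
    """PDP side: parse the request, match rules, combine effects with deny-overrides."""
    try:
        root = ET.fromstring(request_xml)
    except ET.ParseError:
        return "Indeterminate"  # the request could not be evaluated at all
    bag = {(g.get("Category"), a.get("AttributeId")): a.findtext("x:AttributeValue", namespaces=NS)
           for g in root.findall("x:Attributes", NS) for a in g.findall("x:Attribute", NS)}
    effects = {effect for effect, cond in rules
               if all(bag.get(key) == want for key, want in cond.items())}
    if "Deny" in effects:
        return "Deny"  # deny-overrides: a single matching Deny wins
    return "Permit" if "Permit" in effects else "NotApplicable"

def pep_allows(decision):
    """Deny-biased PEP: only an explicit Permit grants access."""
    return decision == "Permit"
```

A request that matches no rule yields `NotApplicable` and an unparseable one yields `Indeterminate`; the enforcement point here grants access for neither.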
