The XACML standard covers three major parts:
- Reference Architecture: The standard proposes a reference architecture with commonly accepted names for the various entities involved in the architecture.
- Policy Language: The standard defines the syntax of the language used to write access control rules and higher-order policies.
- Request/Response scheme: In line with the reference architecture, and using the policy language concepts, the standard also defines a request-response scheme that enables interoperability.
Because XACML uses Attribute-Based Access Control (ABAC) as its underlying access control model, it enables easy authoring and enforcement of fine-grained access control rules. XACML also benefits from being an open standard: it allows support from multiple vendors, interoperability across platforms and implementations, and a transparent committee that works to keep the standard in line with the growing demands of the industry and to rectify deficiencies.
As a specification, XACML is powerful enough to handle most, if not all, ABAC needs. It also provides profiles (best practices on how to use XACML to express well-defined usage scenarios) for common scenarios such as RBAC, SAML, Intellectual Property Control, Export Compliant, etc., giving implementers helpful guidance on how to solve common problems.
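The three parts described above can be seen working together in a small model. This is an added example, not XACML's XML syntax and not code from any XACML implementation: it mimics a policy decision point (PDP) and a policy enforcement point (PEP), two entity names from the reference architecture, evaluating an attribute-based request. The policy, the attribute names and the simplified deny-overrides ordering are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Request = Dict[str, Dict[str, str]]  # attribute category -> attribute id -> value

@dataclass
class Rule:
    effect: str                            # "Permit" or "Deny"
    target: Callable[[Request], bool]      # does the rule apply to this request?
    condition: Callable[[Request], bool]   # must hold for the effect to be returned

    def evaluate(self, req: Request) -> str:
        try:
            if self.target(req) and self.condition(req):
                return self.effect
            return "NotApplicable"
        except KeyError:
            return "Indeterminate"         # an attribute the rule needs is missing

def deny_overrides(rules: List[Rule], req: Request) -> str:
    # Simplified combining (assumption): Deny wins, then Indeterminate, then Permit.
    results = [rule.evaluate(req) for rule in rules]
    for decision in ("Deny", "Indeterminate", "Permit"):
        if decision in results:
            return decision
    return "NotApplicable"

# Constructed policy: doctors may read records of their own department;
# restricted records are denied to anyone without high clearance.
POLICY = [
    Rule("Permit",
         target=lambda r: r["action"]["id"] == "read" and r["resource"]["type"] == "record",
         condition=lambda r: r["subject"]["role"] == "doctor"
         and r["subject"]["department"] == r["resource"]["department"]),
    Rule("Deny",
         target=lambda r: r["resource"]["type"] == "record",
         condition=lambda r: r["resource"]["sensitivity"] == "restricted"
         and r["subject"]["clearance"] != "high"),
]

# Constructed sample request (all values are illustrative).
SAMPLE = {"subject": {"role": "doctor", "department": "cardiology", "clearance": "low"},
          "resource": {"type": "record", "department": "cardiology", "sensitivity": "normal"},
          "action": {"id": "read"}}

def pdp_decide(req: Request) -> str:
    return deny_overrides(POLICY, req)

def pep_allows(req: Request) -> bool:
    # Deny-biased enforcement point: only an explicit Permit grants access.
    return pdp_decide(req) == "Permit"
```

The four decision values (Permit, Deny, NotApplicable, Indeterminate) are the ones the XACML response scheme defines; the standard's own deny-overrides algorithm treats Indeterminate results in more detail than this model does.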