XACML standard controls Web services access
- By Patricia Daukantas
- Feb 21, 2003
The Organization for the Advancement of Structured Information Standards this week approved the Extensible Access Control Markup Language (XACML) specification for Web services and documents.
All previous policy languages were in proprietary formats, said Carlisle Adams, co-chairman of the OASIS XACML technical committee. XACML will be transportable between systems.
Adams, principal security architect for Entrust Inc. of Addison, Texas, said the committee started working on the new language specification nearly two years ago.
XACML cooperates with another recently approved OASIS standard, Security Assertion Markup Language, to create an authentication architecture for Web services, Adams said.
SAML defines a syntax for expressing assertions, such as a computer user's job title or security clearance, Adams said. A rules engine with policy statements written in XAML could compare the SAML assertions with its policies to determine whether the user should see confidential information.
The XACML specification is
online. Sun Microsystems Inc. has developed an
open-source implementation of XACML.