XACML standard controls Web services access

The Organization for the Advancement of Structured Information Standards this week approved the Extensible Access Control Markup Language (XACML) specification for Web services and documents.

All previous policy languages were in proprietary formats, said Carlisle Adams, co-chairman of the OASIS XACML technical committee. XACML will be transportable between systems.

Adams, principal security architect for Entrust Inc. of Addison, Texas, said the committee started working on the new language specification nearly two years ago.

XACML cooperates with another recently approved OASIS standard, Security Assertion Markup Language, to create an authentication architecture for Web services, Adams said.

SAML defines a syntax for expressing assertions, such as a computer user's job title or security clearance, Adams said. A rules engine with policy statements written in XAML could compare the SAML assertions with its policies to determine whether the user should see confidential information.

The XACML specification is online. Sun Microsystems Inc. has developed an open-source implementation of XACML.

Featured

  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected