XACML standard controls Web services access

The Organization for the Advancement of Structured Information Standards this week approved the Extensible Access Control Markup Language (XACML) specification for Web services and documents.

All previous policy languages were in proprietary formats, said Carlisle Adams, co-chairman of the OASIS XACML technical committee. XACML will be transportable between systems.

Adams, principal security architect for Entrust Inc. of Addison, Texas, said the committee started working on the new language specification nearly two years ago.

XACML cooperates with another recently approved OASIS standard, Security Assertion Markup Language, to create an authentication architecture for Web services, Adams said.

SAML defines a syntax for expressing assertions, such as a computer user's job title or security clearance, Adams said. A rules engine with policy statements written in XACML could compare the SAML assertions with its policies to determine whether the user should see confidential information.

The XACML specification is online. Sun Microsystems Inc. has developed an open-source implementation of XACML.
