Enforcement the XML way -- GCN

Enforcement the XML way

GCN Insider | Trends & technologies that affect the way government does IT

By Joab Jackson
Aug 13, 2006

Policy management is one thing, but enforcing policy is another issue altogether. You may have policies in place describing which personnel can access which applications, or even which parts of a building.

But how do you enforce those privileges without overwhelming employees with a plethora of passwords, or overloading administrators with an orgy of authentication systems? At a recent Federal CIO Council XML Community of Practice meeting, Anne Anderson, a senior staff engineer for Sun Microsystems Inc. of Santa Clara, Calif., introduced Access Control Markup Language, or XACML (pronounced ex-ax-i-mal).

Although still in its commercial infancy, Extensible Markup Language-based XACML promises a way of enforcing policies across different platforms. It doesn't care what type of resources you're trying to control'it might be a locked door or a database'Anderson said.

XACML has two major components, a Policy Enforcement Point and Policy Decision Point. The PEP intercepts requests for documents or services and sends a request to the PDP, which consults a set of rules to determine if the requester has the right to access the item. Rules can be made up of a combination of conditions'XACML has a wide range of regular expressions, comparisons and functions, and it can be extended to include other capabilities. Other technologies cover the same ground'Microsoft Active Directory being the 800-pound gorilla'though most don't have the same depth of rule-making. They also base access on individuals, not on specific chains of rules, Anderson explained.

Overseen by the Organization for the Advancement of Structured Information Standards, XACML developers are working toward Version 3 of the standard. Sun has posted an open-source implementation (sunxacml.sourceforge.net). Government users include the Office of the Secretary of Defense's Personnel and Readiness office, the Veterans Health Administration and the Defense Information Systems Agency.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

E-Mail this page

Printable Format

Advanced Search

Stay Connected

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select agency/branch/business type

I agree to this site's Privacy Policy.

Enforcement the XML way

Related Articles

Stay Connected

A quantum computing future is unlikely, due to random hardware errors

Can blockchain smooth grant management?

Current encryption algorithms still strong, NIST official says

City on a Cloud winners announced

Adopt-A-Family app expands holiday giving

How conversational AI can deliver exceptional citizen services

City on a Cloud winners announced

New from GCN

5 must-have reporting tool requirements to improve service and results

Can blockchain smooth grant management?

Current encryption algorithms still strong, NIST official says

DOD details 5G testbeds

We’re using lasers and toaster-sized satellites to beam information faster through space

Upcoming Events