Enforcement the XML way -- GCN

Enforcement the XML way

GCN Insider | Trends & technologies that affect the way government does IT

By Joab Jackson
Aug 13, 2006

Policy management is one thing, but enforcing policy is another issue altogether. You may have policies in place describing which personnel can access which applications, or even which parts of a building.

But how do you enforce those privileges without overwhelming employees with a plethora of passwords, or overloading administrators with an orgy of authentication systems? At a recent Federal CIO Council XML Community of Practice meeting, Anne Anderson, a senior staff engineer for Sun Microsystems Inc. of Santa Clara, Calif., introduced Access Control Markup Language, or XACML (pronounced ex-ax-i-mal).

Although still in its commercial infancy, Extensible Markup Language-based XACML promises a way of enforcing policies across different platforms. It doesn't care what type of resources you're trying to control'it might be a locked door or a database'Anderson said.

XACML has two major components, a Policy Enforcement Point and Policy Decision Point. The PEP intercepts requests for documents or services and sends a request to the PDP, which consults a set of rules to determine if the requester has the right to access the item. Rules can be made up of a combination of conditions'XACML has a wide range of regular expressions, comparisons and functions, and it can be extended to include other capabilities. Other technologies cover the same ground'Microsoft Active Directory being the 800-pound gorilla'though most don't have the same depth of rule-making. They also base access on individuals, not on specific chains of rules, Anderson explained.

Overseen by the Organization for the Advancement of Structured Information Standards, XACML developers are working toward Version 3 of the standard. Sun has posted an open-source implementation (sunxacml.sourceforge.net). Government users include the Office of the Secretary of Defense's Personnel and Readiness office, the Veterans Health Administration and the Defense Information Systems Agency.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

E-Mail this page

Printable Format

Advanced Search

Stay Connected

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select agency/branch/business type

I agree to this site's Privacy Policy.

Enforcement the XML way

Related Articles

Stay Connected

‘Zoom-bombing’ highlights videoconference security vulnerabilities

GSA bot builders add workforce capacity

Pandemic drones: Useful for enforcing social distancing or for creating a police state?

NOAA expands use of unmanned systems

CISA updates list of critical workers

FirstNet marks anniversary with new offers, capabilities

GSA bot builders add workforce capacity

New from GCN

From 12 to 12,000: How LA scaled up telework in two weeks

Fiber-optic internet cables could monitor earthquakes

5G’s transformational power for local communities

How to protect elections amid the coronavirus pandemic

‘Zoom-bombing’ highlights videoconference security vulnerabilities