Category: XACML Bites

Every Thing You Always Wanted to Know About XACML * But Were Afraid to Ask

Free strawberry ice-cream melting image
XACML Bites

XACML 101 – A quick intro to Attribute-based Access Control with XACML

Acronym XACML: eXtensible Access Control Markup Language. Highlights XACML: What’s ABAC? ABAC stands for attribute-based access control. It is a natural evolution from role-based access control which itself is a natural evolution from access control lists. Access Control History in a Nutshell Once upon a time, there were access control lists. Once a user authenticated, its identity was known and could be used in such lists. Think of clubs and VIP lists. If you appear on a VIP list, the bouncer (enforcer) will let you in. It doesn’t matter what your role in life is… Then someone realized that the right to do something (authorizations, entitlements…) should rather be linked to a role. Bus drivers can drive public transport buses. […]

Identity and Access Management, XACML Bites

Enhancements and new features in #XACML 3.0

I recently had a chat with the editor of XACML 3.0, Erik Rissanen – also the CTO of Axiomatics – about the latest news on XACML 3.0: the enhancements the standard has gone through and the new features we can look forward to. Multiple Decision Profile: Multiple resource request (XACML 2.0) was renamed Multiple Decision Profile (XACML 3.0) and enhanced with new variants. This profile lets a requestor –typically the Policy Enforcement Point (PEP) ask several questions in one go to which the Policy Decision Point (PDP) returns one answer with multiple decisions. This profile is particularly useful in web-portal-based scenarios where decisions have to be reached for different parts of a portal within a given page for a given […]