XACML 101 – a quick intro to Attribute-based Access Control with XACML

Acronym

XACML: eXtensible Access Control Markup Language.

Highlights

XACML:

- is XML: you can actually read and write XACML with your favorite text editor (not that I would recommend writing XACML that way).
- is human-readable and verbose enough for users to get an understanding of what it’s doing
- belongs to the OASIS family of standards. You can download the latest standard material here.
- is eXtensible: you can add profiles to cater for specific scenarios e.g. a profile for hierarchical resources, for role-based access control, for export control…
- is about access control: authorizing who can do what when and how
- implements ABAC, attribute-based access control

What’s ABAC?

ABAC stands for attribute-based access control. It is a natural evolution from role-based access control […]

Enhancements and new features in #XACML 3.0

I recently had a chat with the editor of XACML 3.0, Erik Rissanen – also the CTO of Axiomatics – about the latest news on XACML 3.0: the enhancements the standard has gone through and the new features we can look forward to.

Multiple Decision Profile: Multiple resource request (XACML 2.0) was renamed Multiple Decision Profile (XACML 3.0) and enhanced with new variants. This profile lets a requestor, typically the Policy Enforcement Point (PEP), ask several questions in one go, to which the Policy Decision Point (PDP) returns one answer with multiple decisions. This profile is particularly useful in web-portal-based scenarios where decisions have to be reached for different parts of a portal within a given page for a given […]