What is XACML ?

XACML(eXtensible Access Control Markup Language) is an XML-based language for access control that has been standardized by the Technical Committee of the OASIS consortium. XACML is much popular as a fine grain authorization method among the community. But there are lot of aspect of XACML other than just a fine grain authorization mechanism.

Although XACML was introduced as a strand by OASIS in 2003, There lack of organisations that have been adapted with it yet. Because most of the organization have not shown their interest of moving towards a XACML solution for authorization. As I understood following are the some reasons for this

1. Many software designer and developers do not have clear picture on importances and advantages of XACML

2. It is bit hard to implement a XACML solution rather then a typical JDBC or hard coded authorization system.

3. Performances of XACML based authorization system would be less.

4. Complexity of defining XACML policies and managing them

But these days, I experienced that there are some motivation for XACML based authorization systems. Therefor I thought that, it would be worth to start a blog on that space. This blog would include some architectural and implementation details on XACML with an existing XACML engine.

If you are interested in going into the depth in XACML, You can find XACML specifications and other necessary stuff from here in OASIS web site

As summary, in XACML describes both an access control policy language, request/response language and reference architecture. The policy language is used to express access control policies (who can do what when). The request/response language expresses queries about whether a particular access should be allowed (requests) and describes answers to those queries(responses). The reference architecture proposes a standard for deployment of necessary software modules within an infrastructure to allow efficient enforcement of policies.

Hope this blog help you all to be clear on XACML and Its implementation….

Discuss this article on Stack Overflow

Leave a Reply

Your email address will not be published. Required fields are marked *