Digital Edition

SYS-CON.TV
Extensible Access Control Markup Language (XACML) New OASIS Standard
v2.0 Of XACML Integral To Enterprise Security

OASIS announced that its members have approved the Extensible Access Control Markup Language (XACML) version 2.0 as an OASIS Standard. Approval by OASIS signifies the highest level of ratification. XACML is used to represent and evaluate access control policies.

Dan Blum, senior vice president and research director of the Burton Group, noted, "Access control is a requirement of almost every application. XACML goes beyond simply denying or granting information access, it defines the mechanism for creating the rules and policy sets that enable meaningful authorization decisions."

To meet the needs of a wide range of users across many different environments, XACML 2.0 incorporates new profiles for Role Based Access Control (RBAC), Privacy, and Lightweight Directory Access Protocol (LDAP). XACML 2.0 profiles also provide integration and hierarchical resources for the Security Assertion Markup Language (SAML) OASIS Standard.

"XACML is designed to standardize the use of declarative policy to control access to resources, which can reduce costs while increasing security," said Hal Lockhart, co-chair of the OASIS XACML technical committee. "XACML 2.0 can be of particular interest to those deploying SAML, looking for a practical way to implement RBAC or protecting hierarchical resources, such as portions of XML documents."

Before becoming an OASIS Standard, XACML v2.0 first completed an extensive public review and was approved by the OASIS XACML Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which XACML was reviewed and approved by the OASIS membership as a whole.

"The approval of XACML 2.0 as an OASIS Standard builds on a solid base of XACML implementations by major international companies, start-ups, and open source providers," noted Patrick Gannon, president and CEO of OASIS. "Increasingly, XACML is being recognized as an integral part of enterprise security frameworks. Our congratulations go to the members of the OASIS XACML Technical Committee for their hard work in advancing this standard."

XACML is part of the growing portfolio of OASIS Standards for security, which also includes the Application Vulnerability Description Language (AVDL), SAML, Service Provisioning Markup Language (SPML), WS-Security, and XML Common Biometric Format (XCBF). XACML v2.0 was developed by members of the OASIS XACML Technical Committee, which includes representatives of BEA Systems, Booz Allen Hamilton, Computer Associates, Entrust, Gluecode Software, IBM, Sun Microsystems, and others.

About XML News Desk
The XML-Journal News Desk monitors the world of XML and SOA /Web services to present IT professionals with updates on technology advances and business trends, as well as new products and standards.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

ChatOps is an emerging topic that has led to the wide availability of integrations between group cha...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting ch...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being soft...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know ...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every ...
The cloud era has reached the stage where it is no longer a question of whether a company should mig...
The need for greater agility and scalability necessitated the digital transformation in the form of ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an over...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and ...
While some developers care passionately about how data centers and clouds are architected, for most,...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they respon...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily ...
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - w...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is...
We are given a desktop platform with Java 8 or Java 9 installed and seek to find a way to deploy hig...
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis too...
"Cloud4U builds software services that help people build DevOps platforms for cloud-based software a...
The question before companies today is not whether to become intelligent, it’s a question of how and...