XACML eXtensible Access Control Markup Language

1
XACMLeXtensible Access Control Markup Language

• XML World 2001
• 17-19 September
• San Francisco, CA
• Simon Y. Blackwell
• Chairperson, XACML Technical Committee OASIS
• CTO, Psoom, Inc.

2
XACML

• An XML specification for the expression of access
  control policies that can
• Be applied to anything referenced from XML
• Refer to the content of the target of control
• Be based on request context variables

3
XACML Participants

• Authentify
• CrossLogic
• Entitlenet
• Entrust
• HP
• IBM
• Jamcracker

• Netegrity
• Oblix
• Psoom
• Reuters
• Tivoli
• University of Milan
• Verisign

4
Cross Committee Representation

• SAML
• ebXML

5
Why XACML?

• Promote Interoperability
• Ensure Uniformity
• Ease Development
• Control XML Fragments

6
Promote Interoperability

• Multiple vendor security solutions in one
  enterprise
• Shared policy in business partnerships

7
Ensure Uniformity

• Distributed, heterogeneous security systems with
  inconsistent policy
• Multiple data base vendors
• Custom applications
• Firewalls
• Operating systems

8
Ease Development

• Separate policy from applications
• Standard means for policy to refer to the content
  of its target and the context of a request

9
Control XML Fragments

• XML documents are frequently used to store
  information with different security needs
• Health records
• Contracts

10
Features

• Layered architecture, e.g.
• Users -gt Groups -gt Roles
• Targets -gt Target Security Levels
• Standard Rights -gt User Defined Rights
• XPATH
• Provisional Actions

11
Demonstrations

• IBM XACL
• University of Milan XAS
• Others

12
Schedule

• December 2001 Candidate Specification
• March 2002 v1.0 (grammar focus)
• TBD (processing and protocols)

13
Interim Work To Explore

• Standards Contributors
• IBM XACL
• http//alphaworks.ibm.com/tech/xmlsecuritysuite
• University of Milan XAS
• http//sansone.crema.unimi.it/samarati/Papers/www
  9.pdf
• CrossLogix (proprietary)
• http//www.crosslogix.com
• Other work
• http//www.xrml.org (digital rights management)
• http//www.odrl.net
• Extensive Reference Information
• http//www.oasis-open.org/committees/xacml/docs/do
  cs.shtml

14
For More Information

• http//www.xacml.org
• Visit, Participate, Contribute