XACML

1. XACML3

Description

XACML (eXtensible Access Control Markup Language) is an XML-based language for access control, standardized by a Technical Committee of the OASIS consortium. XACML is popular in the community as a fine-grained authorization method, and its fine-grained authorization model is where it surpasses other policy standards.

Although XACML was introduced as a standard by OASIS in 2003, not many organizations have adopted it yet. This is largely because most organizations have shown little interest in moving towards an XACML-based solution for authorization. Some of the reasons may be:

  • Many software designers and developers lack a clear understanding of the features, importance, and advantages of XACML.

  • It is comparatively difficult to implement an XACML solution compared with a typical JDBC-based or hard-coded authorization system.

  • The performance of an XACML-based authorization system may be less than adequate.

  • Defining and managing XACML policies is complex.

However, current market trends indicate that there is some motivation for XACML-based authorization systems. This section includes some architectural and implementation details on XACML with an existing XACML engine.

To summarize, XACML describes three things: an access control policy language, a request/response language, and a reference architecture. The policy language expresses access control policies (who can do what, and when). The request/response language expresses queries about whether a particular access should be allowed (requests) and the answers to those queries (responses). The reference architecture proposes a standard way to deploy the necessary software modules within an infrastructure so that policies can be enforced efficiently.
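As an added illustration of the policy and request/response languages just described (this is constructed example code, not WSO2 Identity Server code): a small XACML 3.0 policy and a deliberately minimal Python evaluator that supports only the string-equal match function and the first-applicable rule-combining algorithm. The request is represented as a dictionary of (category, attribute-id) pairs rather than as XACML request XML, and the role attribute id "role" is an assumption of the example.

```python
import xml.etree.ElementTree as ET
NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}

# Constructed XACML 3.0 policy (not WSO2 code): doctors may read patient records, anyone else is denied,
# and the policy <Target> limits it to the patient-record resource, so other resources are NotApplicable.
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="patient-records" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target><AnyOf><AllOf><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">patient-record</AttributeValue>
    <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
  </Match></AllOf></AnyOf></Target>
  <Rule RuleId="doctor-may-read" Effect="Permit"><Target><AnyOf><AllOf>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">doctor</AttributeValue>
      <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></Match>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
      <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
  <Rule RuleId="everyone-else" Effect="Deny"/>
</Policy>"""

def _match(match, attrs):
    """One <Match>: the literal AttributeValue must string-equal the request attribute the designator names."""
    assert match.get("MatchId").endswith(":string-equal"), "only string-equal is implemented in this example"
    d = match.find("x:AttributeDesignator", NS)
    return attrs.get((d.get("Category"), d.get("AttributeId"))) == match.find("x:AttributeValue", NS).text

def _applies(target, attrs):
    """A missing or empty <Target> applies to every request; otherwise some <AnyOf> needs an <AllOf> whose Matches all hold."""
    anyofs = [] if target is None else target.findall("x:AnyOf", NS)
    return not anyofs or any(all(_match(m, attrs) for m in allof.findall("x:Match", NS))
                             for anyof in anyofs for allof in anyof.findall("x:AllOf", NS))

def evaluate(policy_xml, attrs):
    """Return Permit, Deny or NotApplicable; attrs maps (category, attribute-id) -> value, standing in for the request XML."""
    policy = ET.fromstring(policy_xml)
    if not _applies(policy.find("x:Target", NS), attrs):
        return "NotApplicable"  # no policy covers this request; a PEP must treat that as a denial
    for rule in policy.findall("x:Rule", NS):  # first-applicable (as POLICY declares): the first matching rule decides
        if _applies(rule.find("x:Target", NS), attrs):
            return rule.get("Effect")
    return "NotApplicable"

def decide(role, action, resource):
    """Build the (category, attribute-id) -> value map a XACML request would carry and evaluate it against POLICY."""
    return evaluate(POLICY, {
        ("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", "role"): role,
        ("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id"): action,
        ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id"): resource})
```

Note that a request for a resource outside the policy's Target yields NotApplicable rather than Deny; the enforcement point, not the policy, must decide how to treat that outcome.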

WSO2 Identity Server uses XACML as a tool for controlling access to applications.
