Understanding XML Access Control Markup Language - XACML

XACML is the Access Control Markup Language used to express the rules needed for authentication and authorization. It supplies the vocabulary for writing these rules, which are then used to make authorization decisions.


_______________________________________________


A simple example is the way the employees of a company get access to the company's resources. Not every employee has access to every resource: the marketing department staff can access one set of resources, whereas the HR department staff may access some other information. It is also possible to get an email notification when some records are accessed.

XML Access Control Markup Language has many features. It defines:

· The rules for expressing authorization
· The conditions that are necessary for creating the rules
· The way in which the rules and the conditions can be combined
· The way in which the rules can be evaluated
· Policy statements
· Rules that apply to a subject

XACML defines the subjects and the actions, as well as the rules for the targets. It also defines the effects and the conditions. The targets can be resources, subjects and actions that are defined in the Security Assertion Markup Language. The effect can be ‘allow’ or ‘deny’. The conditions can be attributes and the predicates that are described in the XACML requirements.

An outline of the tags that define a Rule in an XACML document is given below. It shows the hierarchy in which the tags appear in the document.

<Rule RuleId="xxx" Effect="xxx">
  <Target>
    <Subjects>
      ...
    </Subjects>
    <Resources>
      ...
    </Resources>
    <Actions>
      ...
    </Actions>
  </Target>
  <Condition>
    <Equal>
      <AttributeDesignator AttributeName="xxx"/>
      ...
    </Equal>
  </Condition>
</Rule>

As the outline shows, the <Rule> tag has <Target> and <Condition> as child elements. The <Target> tag has the <Subjects>, <Resources>, and <Actions> tags as its child elements. The <Subjects> tag defines the subjects, and the <Resources> tag defines the resources. These have the attributes AttributeName and AttributeNamespace.

A separate tag is provided for AttributeValue. The root <Rule> tag has the RuleId attribute and the Effect attribute. The Effect attribute usually has values like ‘Permit’; allowing and denying is done using this attribute. The <Condition> tag has conditions like <Equal> and <AttributeDesignator>.

The following code snippet, an example of the <Resources> tag, gives an idea of how the Rules are framed.

<Resources>
  <saml:Attribute AttributeName="docURI"
                  AttributeNamespace="//yoursite.com">
    <saml:AttributeValue>//yoursite.com/rec.*</saml:AttributeValue>
  </saml:Attribute>
</Resources>
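
The rule outline and the <Resources> snippet above, assembled into one complete rule and evaluated against a request. This is an added example, not code from the original article or from the XACML specification; the namespace URI, the department and action attributes, the helper names, and the reading of AttributeValue as a regular expression are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SAML = "urn:example:saml"  # placeholder namespace URI (assumption)

# Constructed rule that follows the article's tag outline; all values are sample data.
RULE_XML = f"""
<Rule RuleId="marketing-read-records" Effect="Permit" xmlns:saml="{SAML}">
  <Target>
    <Subjects>
      <saml:Attribute AttributeName="department" AttributeNamespace="//yoursite.com">
        <saml:AttributeValue>marketing</saml:AttributeValue>
      </saml:Attribute>
    </Subjects>
    <Resources>
      <saml:Attribute AttributeName="docURI" AttributeNamespace="//yoursite.com">
        <saml:AttributeValue>//yoursite.com/rec.*</saml:AttributeValue>
      </saml:Attribute>
    </Resources>
    <Actions>
      <saml:Attribute AttributeName="action" AttributeNamespace="//yoursite.com">
        <saml:AttributeValue>read</saml:AttributeValue>
      </saml:Attribute>
    </Actions>
  </Target>
</Rule>
"""

def evaluate(rule_xml, request):
    """Return the rule's Effect if every Target attribute matches, else NotApplicable."""
    rule = ET.fromstring(rule_xml)
    for section in ("Subjects", "Resources", "Actions"):
        for attr in rule.iterfind(f"Target/{section}/{{{SAML}}}Attribute"):
            name = attr.get("AttributeName")
            pattern = attr.findtext(f"{{{SAML}}}AttributeValue", "").strip()
            # Assumption: the value is a regular expression; fullmatch anchors both ends.
            if re.fullmatch(pattern, request.get(section, {}).get(name, "")) is None:
                return "NotApplicable"
    return rule.get("Effect")

def enforce(rule_xml, request):
    """Deny-biased enforcement: only an explicit Permit grants access."""
    return evaluate(rule_xml, request) == "Permit"

def make_request(department, doc_uri, action):
    """Build a request dict keyed by the three Target sections."""
    return {"Subjects": {"department": department},
            "Resources": {"docURI": doc_uri},
            "Actions": {"action": action}}
```

Under this reading of AttributeValue, the unescaped dot in yoursite.com matches any character, so a policy author who means a literal dot should write it as `\.` in the pattern.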

Rules can be combined, and the ways to combine them are given in the XACML specification. Once an authorization is performed an action is performed. For more information on using the XML Access Control Markup Language, refer to the specifications available on the web. A simple search on this topic will turn up many examples.




Copyright - © 2004 - 2014 - All Rights Reserved.