Understanding XML Access Control Markup Language - XACML
XACML is the Access Control Markup Language that is used to express the rules that are
necessary for authentication and authorization. The vocabulary to express these
rules is given by the access control markup language. These rules are used to
make authorization decisions.
A simple example of this is the way the employees of a company can have access
to the resources in the company. Not all the employees will have access to all
the resources. The staff of the marketing department will have access to different
resources whereas the HR department staff may access some other information. Getting
an email notification when some records are accessed is also possible.
There are many features of the XML Access Control Markup Language. It defines:
· The rules for expressing authorization
· The conditions that are necessary for creating the rules
· The way in which the rules and the conditions can be combined
· The way in which the rules can be evaluated
· Rules that apply to a subject
XACML definitions are used for the subjects and the actions. Rules for the targets
are defined in this markup language. The effects and the conditions are also defined
in XML Access Control Markup Language. The targets that are defined in the XACML
could be resources, subjects and actions that are defined in the Security Assertion
Markup Language. The effect that is defined could be allow or deny.
The conditions defined in the XACML could be attributes and the predicates that
are described in the XACML requirements.
An outline of the tags that define the Rule found in the XACML document is given
below. This gives the hierarchy in which the tags are present in the document.
As given in the above code, the <Rule> tag consists of child elements like
the <Target> and the <Condition>. The <Target> tag has the <Subjects>,
<Resources>, and <Actions> tags as its child elements. The <Subjects>
tag defines the subjects, and the <Resources> tags define the resources.
These have the attributes AttributeName and the AttributeNamespace.
A separate tag for AttributeValue is also given. The root tag called the Rules tag
has the RuleID attribute and the Effect attribute. The effect attribute usually
has values like Permit. Allowing and denying is done using the effect
attribute. The <condition> tag has conditions like <Equal> and the
If you look at the code snippets that are given below you would get an idea of how
the Rules are framed. The following code snippet gives an example of the <Resources>
It is possible to combine the Rules, and the ways to combine the Rules are given in
the XACML specification. Once an authorization is performed an action is performed.
For more information and the ways of using the XML Access Control Markup Language
you can refer to the specifications found on the web. A simple search on this
topic will turn up many examples.
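
The Rule structure described above (a Target made of Subjects, Resources and Actions, plus an Effect) can be sketched as a small evaluator. This is an added example, not code from the original article: the sample rule is constructed, the `<Attribute>` wrapper element and all attribute values are assumptions, and the layout is a simplification rather than schema-valid XACML. Conditions are left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample rule. Element names follow the article; the <Attribute>
# wrapper and all values are assumptions. Not schema-valid XACML.
RULE_XML = """
<Rule RuleID="marketing-read-reports" Effect="Permit">
  <Target>
    <Subjects>
      <Attribute AttributeName="department">
        <AttributeValue>marketing</AttributeValue>
      </Attribute>
    </Subjects>
    <Resources>
      <Attribute AttributeName="type">
        <AttributeValue>campaign-report</AttributeValue>
      </Attribute>
    </Resources>
    <Actions>
      <Attribute AttributeName="name">
        <AttributeValue>read</AttributeValue>
      </Attribute>
    </Actions>
  </Target>
</Rule>
"""

SECTIONS = (("Subjects", "subject"), ("Resources", "resource"), ("Actions", "action"))

def section_matches(target, section, request_attrs):
    """Every attribute listed in a Target section must match the request."""
    node = target.find(section)
    if node is None:  # an absent section places no constraint
        return True
    for attr in node.findall("Attribute"):
        allowed = {(v.text or "").strip() for v in attr.findall("AttributeValue")}
        if request_attrs.get(attr.get("AttributeName")) not in allowed:
            return False
    return True

def evaluate_rule(rule_xml, request):
    """Return the rule's Effect if its Target matches, else NotApplicable."""
    rule = ET.fromstring(rule_xml)  # policy text must come from a trusted source
    target = rule.find("Target")
    if target is not None:
        for section, key in SECTIONS:
            if not section_matches(target, section, request.get(key, {})):
                return "NotApplicable"
    return rule.get("Effect")

def is_allowed(decision):
    """Enforcement point: anything other than an explicit Permit is refused."""
    return decision == "Permit"
```

A request from the HR department for the same resource does not match the Target, so the rule yields NotApplicable and the enforcement check refuses access instead of treating "no matching rule" as permission.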