Reference document

Org
OASIS
Pubnum
XACML Ver 3.0
Date
2013-01-22
Version
3
Title
eXtensible Access Control Markup Language core specification

Applicability

The motivation behind XACML is to express the well-established ideas in the field of access- control policy (e.g., rules, policies, policy sets, subjects, decision requests, authorization decisions,) using an extension language of XML. According to the Core specification, there is a pressing need for a common language for expressing security policy. If implemented throughout an enterprise, a common policy language allows the enterprise to manage the enforcement of all the elements of its security policy in all the components of its information systems. Managing security policy may include some or all of the following steps writing, reviewing, testing, approving, issuing, combining, analyzing, modifying, withdrawing, retrieving and enforcing policy. The XACML specification thus enables the use of arbitrary attributes in policies, role-based access control, security labels, time/date-based policies, indexable policies, ‘deny’ policies, and dynamic policies - all without requiring changes to the applications that use XACML. Adoption of XACML across vendor and product platforms should provide the opportunity for organizations to perform access and access policy audits directly across such systems.

The principal features of XACML are documented in the core Extensible Access Control Markup Language (XACML) Version 3.0 specification.

Responsible Party

Name
NCIA/CS

Status

URI
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

History

Flag Date RFC Version
added 2014-05-12 9
changed 2017-01-14 9-19 10
UUID
4cfd8460-5550-4f40-82f7-e7f58b6ded8e

Relationships

This standard is used by the following service profiles: