RealTime IT News

OASIS Signs Off on Access Control Standard

E-business standards group OASIS has approved the Extensible Access Control Markup Language (XACML) version 2.0, a key standard for access control policies.

Fostered by OASIS members such as IBM, Sun Microsystems, BEA Systems and Computer Associates, XACML is a crucial security component that grants or denies access to applications. At a higher level, it also allows programmers to create the rules that make authorization decisions possible.

"XACML finally enables organizations to move access control policy out of custom spaghetti code and into an interoperable, declarative XML form," said Eugene Kuznetsov, CTO, founder and chairman of DataPower, an OASIS member. "Whether driven by new security threats, regulatory mandates or Web services, there is a growing need for fine-grained authorization for heterogeneous systems."

XACML 2.0 features integration for the OASIS Security Assertion Markup Language (SAML) standards, as well as new profiles for Role Based Access Control (RBAC) and Lightweight Directory Access Protocol (LDAP), which dictate role-based usage policies.

The new security standard is designed to complement SAML, or to serve those looking for a way to protect resources, such as portions of XML documents. It can also be seen as a complement to specifications for federated identity and single sign-on from other working groups such as the Liberty Alliance.

XACML 2.0 comes more than two years after the ratification of the first version. But the promise of such security policies has grown greatly, underscored by a flurry of activity concerning distributed computing systems.

XACML, SAML and Liberty protocols have become cornerstones of the adoption of service-oriented architectures (SOA), many of which leverage Web services to conduct business transactions and execute purchase orders.

BEA, Sun, and DataPower, all of which provide infrastructure products to support Web services, are among the companies that said they would support XACML in products going forward.

Thoroughly tested by the OASIS XACML technical committee, XACML 2.0 is part of the growing OASIS security standard portfolio, which also includes SAML, Application Vulnerability Description Language (AVDL), Service Provisioning Markup Language (SPML), WS-Security, and XML Common Biometric Format (XCBF).