XACML
XACML (Extensible Access Control Markup Language) is an open, standardised, XML-based language for configuring security policies and access rights for Web services. It supports fine-grained, attribute-based access control definitions and supports policy composition by reusing these low-level definitions. The following figure shows a simplified XACML policy model.
| Attribute | Description |
|---|---|
| Resource | Data, service, or system component. |
| Subject | An actor whose attributes may be referenced by a predicate. |
| Action | An operation on a resource. |
| Environment | The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action. |
Predicate: A statement about attributes whose truth can be evaluated.
Target: Set of simplified subject, resource, and action conditions that must be satisfied for a policy set, policy, or rule to apply to a particular request.
Obligation: An obligation is a directive from the policy decision point (PDP) to the policy enforcement point (PEP) on what must be carried out before or after access is approved.
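The target and obligation definitions above, as an added example that is not part of the original page or of any product it mentions: a minimal Python model of a PDP matching a request against policy targets, and a deny-biased PEP that grants access only when it can carry out every obligation returned with a Permit. The attribute names, sample policies, first-match ordering and handler registry are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    target: dict   # category -> {attribute: required value}
    effect: str    # "Permit" or "Deny"
    obligations: list = field(default_factory=list)

def target_matches(target, request):
    """A target applies only if all of its subject/resource/action conditions hold."""
    return all(request.get(cat, {}).get(attr) == want
               for cat, conds in target.items()
               for attr, want in conds.items())

def pdp_evaluate(policies, request):
    """PDP: the first policy whose target matches decides (assumed ordering)."""
    for policy in policies:
        if target_matches(policy.target, request):
            return policy.effect, list(policy.obligations)
    return "NotApplicable", []

def pep_enforce(policies, request, handlers):
    """Deny-biased PEP: grant only on Permit with every obligation discharged."""
    decision, obligations = pdp_evaluate(policies, request)
    if decision != "Permit":
        return False
    # An obligation the PEP cannot carry out must block access, not be skipped.
    return all(ob in handlers and handlers[ob](request) for ob in obligations)

# Constructed sample policies and attribute names (hypothetical).
POLICIES = [
    Policy(target={"subject": {"role": "teller"},
                   "resource": {"type": "account"},
                   "action": {"id": "read"}},
           effect="Permit", obligations=["log-access"]),
    Policy(target={"resource": {"type": "account"}}, effect="Deny"),
]
AUDIT_LOG = []

def log_access(request):
    """Obligation handler: record who did what before access is granted."""
    AUDIT_LOG.append((request["subject"]["role"], request["action"]["id"]))
    return True

if __name__ == "__main__":
    read = {"subject": {"role": "teller"}, "resource": {"type": "account"},
            "action": {"id": "read"}}
    print(pdp_evaluate(POLICIES, read))
    print(pep_enforce(POLICIES, read, {"log-access": log_access}))
    print(pep_enforce(POLICIES, read, {}))
```

A request that matches no target yields NotApplicable, which this PEP treats as no access; the same Permit decision is refused when the PEP has no handler for the `log-access` obligation.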
XACML Editors
- Temenos XACML Policy Editor
- PAP-UI
- Third-Party Editors
  - The good and easy-to-use open-source editors for XACML policy files are:
    - Eclipse ALFA Plugin
    - UMU-XACML-Editor
    - WSO2 Identity Server