Two XACML Committee Specifications approved – “Related and Nested Entities” and “Separation of Duties”

Two XACML specifications ready for testing and implementation

OASIS is pleased to announce the approval and publication of two new Committee Specifications by the members of the eXtensible Access Control Markup Language (XACML) TC [1]:
– XACML v3.0 Related and Nested Entities Profile Version 1.0 Committee Specification 03
– XACML v3.0 Separation of Duties Version 1.0 Committee Specification 01

These two Committee Specifications are OASIS deliverables, completed and approved by the TC and fully ready for testing and implementation.

XACML v3.0 Related and Nested Entities Profile Version 1.0
Committee Specification 03
30 January 2024

Overview:

It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point.

The prose specifications and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.docx

HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.html

PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.pdf

XML schemas:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/schemas/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.zip

******

XACML v3.0 Separation of Duties Version 1.0
Committee Specification 01
30 January 2024

Overview:

This specification defines a method for supporting separation of duties within XACML policies using obligations and allowing the full generality of attribute-based access control. In particular, duties are not required to be associated with subject roles.

The prose specifications and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.docx

HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.html

PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.pdf

Distribution ZIP file:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.zip

Members of the eXtensible Access Control Markup Language (XACML) TC [1] approved these two specifications by Special Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The vote to approve as Committee Specifications passed [3], and the documents are now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving these milestones and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/

[2] Details of public reviews:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd03/xacml-3.0-related-entities-v1.0-csd03-public-review-metadata.html
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/csd01/xacml-3.0-duties-v1.0-csd01-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3812