Description
This specification describes various aspects of the use of XACML in a Web Services context. First, it specifies the use of an XACML authorization decision as an authorization token or credential in a Web Services Security header. Second, it specifies how to use XACML policies in Web Services policy Assertions. Third, it describes how to represent user-level privacy policy requirements using XACML. Fourth, it describes how to pass XACML Attributes in SOAP message headers. These aspects are independent of each other, with the exception of user-level privacy policy requirements, which makes use of the format for using XACML policies in Web Services policy Assertions.