Description
This specification describes various aspects of the use of XACML in a Web
Services context. First, it specifies the use of an XACML authorization
decision as an authorization token or credential in a Web Services Security
header. Second, it specifies how to use XACML policies in Web Services
policy Assertions. Third, it describes how to represent user-level privacy
policy requirements using XACML. Fourth, it describes how to pass XACML
Attributes in SOAP message headers. These aspects are independent of each
other, with the exception of user-level privacy policy requirements, which
makes use of the format for using XACML policies in Web Services policy
Assertions.