XACML OASIS InterOp
28 June 2007
At Burton Group's Catalyst Conference, eight companies join together for the first time to demonstrate interoperability of the eXtensible Access Control Markup Language (XACML) 2.0 OASIS Standard. An extremely flexible language for expressing access control, XACML is particularly designed to support large-scale environments where resources are distributed and policy administration is federated. XACML 2.0 is also ITU-T Recommendation X.1142.
BEA Systems, CA, IBM, Jericho, Oracle, Red Hat, Securent, and other members of the OASIS XACML Technical Committee will participate in the XACML demonstration, which will include two scenarios. In the first, different implementations exchange XACML policies that control access for a variety of Web server addresses. This demonstrates the ability of different implementations to understand the language defined by XACML.
In the second scenario, authorization decisions are enforced by applications based on interaction with an external policy decision point. Both the application and the policy decision point may be independently implemented, and communication between them uses the XACML Security Assertion Markup Language (SAML) Authorization Decision Request Protocol. This shows how components such as services, applications and containers can defer to a centrally managed authorization service when making authorization decisions.