Working with the eXtensible Access Control Markup Language


The eXtensible Access Control Markup Language (XACML) is an important new standard in the making from the Organization for the Advancement of Structured Information Standards (OASIS) (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml). This standard lets developers add specialized XML tags to their code that define the security policy for something like a Web service. Many developers view XACML as the next step beyond Security Assertions Markup Language (SAML). In fact, XACML is a high-level protocol that relies on SAML to perform many of the low-level tasks. In both cases, most callers go through a four-step process:

  1. The caller requests access to a resource from an authentication server, rather than directly from the Web server. The caller doesn’t necessarily realize the difference, and the two servers might reside on the same physical machine, but the difference between the two servers is real.

  2. The authentication server requests a name and password from the user. It uses this information to look up the user’s credentials in a secure store such as Active Directory using a protocol such as the Lightweight Directory Access Protocol (LDAP). At some point, the server either authenticates the caller or ejects the caller from the system.

  3. The authentication server opens a session with the destination (Web) server. It provides the user request and credentials. The Web server provides a Uniform Resource Identifier (URI) to the authentication server.

  4. The authentication server presents the caller with the URI from the Web server. At this point, the caller and the Web server are in direct communication and the authentication server drops out of the conversation.

The advantage of using XACML is that the developer need not worry about multiple protocols to implement a security solution. Using one set of markup tags enables the developer to control security for a Web application. Note that this is a Web application solution and probably won’t affect your desktop application development strategies. You can find a relatively technical description of precisely how XACML and SAML work together at http://sunxacml.sourceforge.net/guide.html.
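An added example, not from the book or from any XACML implementation: a policy written with XACML element names and a small decision function that evaluates requests against it, showing how the rule-combining algorithm changes the outcome. The flattened `<Target>` attributes (`subject-role`, `resource`, `action`), the policy contents, and the function names `rule_applies`, `evaluate` and `enforce` are assumptions made for illustration; real XACML targets use nested match elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy. Element names follow XACML, but <Target> matching
# is flattened into plain attributes (an assumption), so it is not schema-valid.
POLICY_XML = """
<Policy PolicyId="orders-service"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
  <Rule RuleId="clerks-read" Effect="Permit">
    <Target subject-role="clerk" resource="/orders" action="read"/>
  </Rule>
  <Rule RuleId="managers-any" Effect="Permit">
    <Target subject-role="manager" resource="/orders" action="*"/>
  </Rule>
  <Rule RuleId="no-delete" Effect="Deny">
    <Target subject-role="*" resource="/orders" action="delete"/>
  </Rule>
</Policy>
"""

def rule_applies(rule, request):
    """A rule applies when every Target attribute is '*' or equals the request value."""
    target = rule.find("Target")
    if target is None:  # no Target: the rule applies to every request the policy sees
        return True
    return all(v == "*" or request.get(k) == v for k, v in target.attrib.items())

def evaluate(policy_xml, request):
    """Return 'Permit', 'Deny', 'NotApplicable' or 'Indeterminate' for one request."""
    try:
        policy = ET.fromstring(policy_xml)
    except ET.ParseError:
        return "Indeterminate"  # an unreadable policy must never become a Permit
    effects = [r.get("Effect") for r in policy.findall("Rule") if rule_applies(r, request)]
    alg = policy.get("RuleCombiningAlgId", "").rsplit(":", 1)[-1]
    if alg == "first-applicable":  # document order decides
        return effects[0] if effects else "NotApplicable"
    if alg == "deny-overrides":    # any matching Deny wins over every Permit
        if "Deny" in effects:
            return "Deny"
        return "Permit" if "Permit" in effects else "NotApplicable"
    return "Indeterminate"         # unknown combining algorithm

def enforce(decision):
    """Enforcement point: grant access only on an explicit Permit."""
    return decision == "Permit"
```

Treating `NotApplicable` and `Indeterminate` as a refusal in `enforce` keeps a missing rule or a broken policy file from granting access.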

The current version of Visual Studio .NET doesn’t provide direct XACML support. In fact, there isn’t any evidence that Microsoft plans to provide this support in the near future. However, it’s an option to consider as third parties develop add-ons for Visual Studio .NET that provide this capability. Currently, one training company shows how to develop XACML solutions using the .NET Framework. Learn more about this course at http://www.objectinnovations.com/CourseOutlines/418.html.




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
