Chapter 7: XACML

Overview

The previous chapter described how SAML is used to convey information about authorization, authentication, and attributes in XML-formatted assertions. These authorization decisions are based on configurable rules. XACML (pronounced “zac-mull” and standing for “eXtensible Access Control Markup Language”) is being produced by the OASIS standards body to define an XML vocabulary to express the rules on which access control decisions are made.

XACML defines rules to allow access to resources (read, write, execute, and so forth) based on characteristics of the requester (“only members of the Human Resources department can access this document”), characteristics of the request protocol (for example, “SSL must be used to access this document”), and the authentication context (such as “a digital certificate must be used for authentication if this document is to be read”).

As well as defining the format of the rules themselves, XACML defines conditions for creating rules (“rules for making rules”), how rules may be combined, and how rules are processed to perform decisions. Policy statements may be created by collecting XACML-expressed rules together.
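To make the three rule kinds above and the idea of combining rules into a decision concrete, here is an added example that is not from the book: a simplified Python model of an XACML policy evaluated with the deny-overrides rule-combining algorithm. The attribute names, the document, and the request layout are constructed for illustration; a real XACML decision point consumes XML Policy and Request documents rather than Python callables.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# XACML's four possible results for a rule or policy evaluation.
PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"
# Request context: attribute bags keyed by category, then attribute name (constructed, simplified).
Request = Dict[str, Dict[str, str]]

@dataclass
class Rule:
    rule_id: str
    effect: str                          # "Permit" or "Deny"
    applies: Callable[[Request], bool]   # stands in for the rule's Target and Condition

    def evaluate(self, req: Request) -> str:
        try:
            return self.effect if self.applies(req) else NOT_APPLICABLE
        except KeyError:                 # an attribute the rule needs is missing from the request
            return INDETERMINATE

def deny_overrides(rules: List[Rule], req: Request) -> str:
    """XACML deny-overrides: any Deny wins; an Indeterminate from a Deny rule also yields Deny."""
    results = [(r.effect, r.evaluate(req)) for r in rules]
    if any(res == DENY for _, res in results):
        return DENY
    if any(res == INDETERMINATE and eff == DENY for eff, res in results):
        return DENY
    if any(res == PERMIT for _, res in results):
        return PERMIT
    if any(res == INDETERMINATE for _, res in results):
        return INDETERMINATE
    return NOT_APPLICABLE

# Policy for one (hypothetical) HR document, mirroring the three rule kinds in the text:
# requester characteristics, request protocol, and authentication context.
HR_DOCUMENT_POLICY = [
    Rule("hr-may-read", PERMIT, lambda r: r["subject"]["department"] == "Human Resources"
                                          and r["action"]["action-id"] == "read"),
    Rule("require-ssl", DENY, lambda r: r["environment"]["transport"] != "SSL"),
    Rule("require-certificate-auth", DENY, lambda r: r["action"]["action-id"] == "read"
                                          and r["subject"]["authentication-method"] != "X.509"),
]

def decide(req: Request) -> str:
    return deny_overrides(HR_DOCUMENT_POLICY, req)

def make_request(department: str, transport: str, auth_method: str, action: str = "read") -> Request:
    return {"subject": {"department": department, "authentication-method": auth_method},
            "resource": {"resource-id": "hr-salaries.xml"},   # constructed resource name
            "action": {"action-id": action},
            "environment": {"transport": transport}}

if __name__ == "__main__":
    print(decide(make_request("Human Resources", "SSL", "X.509")))    # Permit
    print(decide(make_request("Human Resources", "HTTP", "X.509")))   # Deny: SSL rule fires
    print(decide(make_request("Engineering", "SSL", "X.509")))        # NotApplicable: no rule matches
```

A NotApplicable result is not a Permit: the enforcement point decides how to treat it, and a missing attribute turns a Deny rule's Indeterminate into Deny under deny-overrides.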

Web Services Security
ISBN: 0072224711
Year: 2003
Pages: 105
Authors: Mark O'Neill
