Prab: CSV import

2024-06-11T04:12:50Z

CSV import

New page

[[File:XACML_Architecture_&_Flow.png|thumb|XACML_Architecture_&_Flow.png]] [[File:Cross-Enterprise_Federation_using_SAML_and_XACML.png|thumb|left|Cross-Enterprise_Federation_using_SAML_and_XACML.png]] '''XACML''' (eXtensible Access Control Markup Language) is a standard defined by [[OASIS (organization)|OASIS]] for expressing [[access control]] policies in a standardized XML format. XACML is designed to provide a flexible and extensible mechanism for defining access control policies that can be used across a wide range of applications and systems.

== Overview ==
XACML is primarily used to define access control policies for [[computer security]] systems. It separates the access decision logic from the application logic, allowing for centralized management of access control policies. This separation enhances security and simplifies policy administration.

== Components ==
XACML consists of several key components:

* '''Policy Enforcement Point (PEP)''': The component that intercepts a user's access request and enforces the decision made by the Policy Decision Point.
* '''Policy Decision Point (PDP)''': The component that evaluates access requests against policies and renders an access decision.
* '''Policy Administration Point (PAP)''': The component responsible for creating, managing, and storing access control policies.
* '''Policy Information Point (PIP)''': The component that provides additional information (attributes) required for policy evaluation.

== Policy Structure ==
XACML policies are structured in a hierarchical manner and consist of the following elements:

* '''PolicySet''': A container for multiple policies or other policy sets.
* '''Policy''': A single access control policy that contains rules.
* '''Rule''': The basic unit of a policy that defines a specific access control decision.

Each rule within a policy can specify conditions under which access is permitted or denied. These conditions are based on attributes of the subject (user), resource, action, and environment.

== Policy Language ==
The XACML policy language is XML-based and allows for the definition of complex access control rules. The language supports various functions, such as logical operations, arithmetic operations, and string manipulations, to create detailed and precise access control policies.

== Use Cases ==
XACML is used in various domains, including:

* [[Healthcare]]: To control access to sensitive patient information.
* [[Finance]]: To manage access to financial data and transactions.
* [[Government]]: To enforce access control policies for classified information.
* [[Cloud computing]]: To manage access to cloud resources and services.

== Advantages ==
Some of the key advantages of XACML include:

* '''Interoperability''': As a standardized language, XACML ensures interoperability between different systems and applications.
* '''Flexibility''': XACML's extensible nature allows for the creation of complex and customized access control policies.
* '''Centralized Management''': XACML enables centralized management of access control policies, simplifying administration and enhancing security.

== See Also ==
* [[Access control]]
* [[OASIS (organization)]]
* [[XML]]
* [[Computer security]]
* [[Policy-based management]]

== Related Pages ==
* [[Role-based access control]]
* [[Attribute-based access control]]
* [[Security Assertion Markup Language]]
* [[Identity management]]

[[Category:Computer security]]
[[Category:Access control]]
[[Category:XML-based standards]]
[[Category:OASIS standards]]

{{Computer-security-stub}}

XACML - Revision history

Prab: CSV import