XACML gets ratified

Members of the OASIS interoperability consortium have approved the Extensible Access Control Markup Language (XACML) as an OASIS Open Standard, a status that signifies the highest level of ratification. XACML allows developers to express and enforce policies for information access over the Internet.

‘XACML is designed to enable the interoperability of a broad range of administration and authorisation products by providing a universal language for authorisation policy,’ explained Hal Lockhart of BEA Systems, co-chair of the OASIS XACML Technical Committee.

‘Policies applied consistently across environments and across vendor products is the cornerstone of good security,’ added Carlisle Adams of Entrust, co-chair of the OASIS XACML Technical Committee. ‘Coupled with secure mechanisms for carrying requester attributes – such as SAML assertions, Java permissions, or WS-Security tokens – XACML is a key component in an authorisation infrastructure that can span Web services, J2SE, and other e-business environments.’

The OASIS XACML specification was developed by Entrust, IBM, OpenNetwork, Quadrasis, Sterling Commerce, Sun Microsystems, and other members of the OASIS Extensible Access Control Markup Language Technical Committee.

Before becoming an OASIS Open Standard, XACML first completed an extensive public review and was approved by the OASIS XACML Technical Committee. Then, the specification demonstrated its readiness through multiple implementations, after which XACML was reviewed and approved by the OASIS membership as a whole.

XACML is the latest addition to the growing OASIS portfolio of security standards. It joins another recently approved OASIS Open Standard, the Security Assertion Markup Language (SAML), as well as emerging specifications such as WS-Security, Service Provisioning Markup Language (SPML), Digital Signature Services (DSS), and Public Key Infrastructure (PKI).
