OASIS Members and other interested parties, OASIS is pleased to announce the approval and publication of two new Committee Specifications by the members of the eXtensible Access Control Markup Language (XACML) TC [1]: - XACML v3.0 Related and Nested Entities Profile Version 1.0 Committee Specification 03 - XACML v3.0 Separation of Duties Version 1.0 Committee Specification 01 These two Committee Specifications are OASIS deliverables, completed and approved by the TC and fully ready for testing and implementation. XACML v3.0 Related and Nested Entities Profile Version 1.0 Committee Specification 03 30 January 2024 Overview: It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point. The prose specifications and related files are available here: Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.docx HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.html PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.pdf XML schemas:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/schemas/ Distribution ZIP file For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs03/xacml-3.0-related-entities-v1.0-cs03.zip ****** XACML v3.0 Separation of Duties Version 1.0 Committee Specification 01 30 January 2024 Overview: This specification defines a method for supporting separation of duties within XACML policies using obligations and allowing the full generality of attribute-based access control. In particular, duties are not required to be associated with subject roles. The prose specifications and related files are available here: Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.docx HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.html PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.pdf Distribution ZIP file:
https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/cs01/xacml-3.0-duties-v1.0-cs01.zip Members of the eXtensible Access Control Markup Language (XACML) TC [1] approved these two specifications by Special Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The vote to approve as Committee Specifications passed [3], and the documents are now available online in the OASIS Library as referenced above. Our congratulations to the TC on achieving these milestones and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work. ========== Additional references: [1] eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/ [2] Details of public reviews:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd03/xacml-3.0-related-entities-v1.0-csd03-public-review-metadata.html https://docs.oasis-open.org/xacml/xacml-3.0-duties/v1.0/csd01/xacml-3.0-duties-v1.0-csd01-public-review-metadata.html [3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3812 -- Paul Knight ... . Document Process Analyst OASIS ... Setting the standard for open collaboration