OASIS eXtensible Access Control Markup Language (XACML) TC


OASIS-xacml@ConnectedCommunity.org

Contacts

Chair: Bill Parducci
bill@parducci.net

OASIS Staff Contact: Kelly Cullinane
kelly.cullinane@oasis-open.org



Charter

The charter of this TC may be found at http://www.oasis-open.org/committees/xacml/charter.php. Statements regarding IPR related to the work of this TC may be found at http://www.oasis-open.org/committees/xacml/ipr.php.

Description

Representing and evaluating access control policies.

Group Notes


Announcements

We are pleased to announce the publication of XACML v3.0 Dynamic Attribute Authority Version 1.0 as an OASIS Committee Specification. The full Profile is available at the following link: XACML v3.0 Time Extensions Profile, Version 1.0

We are pleased to announce the publication of XACML v3.0 Related and Nested Entities Profile Version 1.0 as an OASIS Committee Specification. The full Profile is available at the following link: XACML v3.0 Related and Nested Entities Profile, Version 1.0

We are pleased to announce the publication of XACML v3.0 Time Extensions Version 1.0 as an OASIS Committee Specification. The full Profile is available at the following link: XACML v3.0 Dynamic Attribute Authority Profile, Version 1.0

We are pleased to announce the publication of XACML REST Profile Version 1.1 and JSON Profile of XACML 3.0 Version 1.1 as OASIS Standards. PDF versions are available at the following links:

    • XACML REST Profile: https://docs.oasis-open.org/xacml/xacml-rest/v1.1/os/xacml-rest-v1.1-os.pdf
    • JSON Profile of XACML 3.0: https://docs.oasis-open.org/xacml/xacml-json-http/v1.1/os/xacml-json-http-v1.1-os.pdf

We are pleased to announce the publication of eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01 OASIS Standard incorporating Approved Errata. A PDF version is available at the following link: eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01 OASIS Standard incorporating Approved Errata, 12 July 2017. Further information is below in the XACML 3.0 section.

We are pleased to announce the publication of eXtensible Access Control Markup Language (XACML) Version 3.0 OASIS Standard. A PDF version is available at the following link: eXtensible Access Control Markup Language (XACML) Version 3.0 OASIS Standard, 22 January 2013. Further information is below in the XACML 3.0 section.

XACML 3.0 received the Influential Standardization Efforts Award at the European Identity Conference in Munich, May 2011.

 

Overview

The XACML Technical Committee defines a core XML schema for representing authorization and entitlement policies.

For more information, see the TC Charter, FAQ, and "A Brief Introduction to XACML".

 

Technical Work Produced by the Committee 

 

Work in progress:

    • Attribute-Centric Authorization Language (ACAL) Version 1.0

      The OASIS XACML Technical Committee is proud to announce a fundamental evolution of the XACML framework: the Attribute-Centric Authorization Language (ACAL).

      Why the Change?
      While XACML v3.0 is very powerful, the modern development landscape demands more flexibility. ACAL preserves the core logic and completeness of XACML while stripping away its strict dependency on XML.

      Key Modernizations:

      • Syntax Agnostic: ACAL abstracts the core language, allowing for official representations in JSON (JACAL) and YAML (YACAL).

      • XACML 4.0: The XML implementation of the ACAL specification will officially become the v4.0 release of XACML, providing continuity to those who prefer XML-based syntax.

      • Streamlined Structure: We have merged PolicySet and Policy into a single, unified Policy construct, simplifying the hierarchy and reducing duplication.

      • Enhanced Expressibility: New features include global variables, composite functions, and support for JSONPath, making policies easier to write and maintain.

      Our goal is to make the language more accessible to today’s developers—reducing verbosity and the learning curve—without sacrificing the robust authorization power that XACML represents.

      We invite the community to review the specification and provide feedback.

     

    XACML 3.0 Specification Set: XACML 3.0 Core and the associated profiles are referenced below

     



    XACML 2.0 Specification Set: XACML 2.0 Core and seven associated profiles were approved as OASIS Standards on 1 February 2005. An eighth profile, XSPA Profile of XACML 2.0 for Healthcare, was approved as an OASIS Standard on 1 November 2009.

    XACML 2.0 Errata: These are non-normative documents that contain TC-approved corrections for errors found in the specifications above.

     



    XACML 1.1 Specification Set:



     



    XACML 1.0 Specification Set:

    Core Specification: eXtensible Access Control Markup Language (XACML) Version 1.0

     

    The following work items are not currently on a standards track





    The following work items are not currently under active development or discussion, but have not officially been withdrawn.



     

    Expository Work Produced by the Committee 

     

    TC Tools and Approved Publications



     

    Mailing Lists and Comments

    xacml: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.

    xacml-comment: a public mail list for providing input to the OASIS XACML Technical Committee members. Send a comment or view archives.* This list is currently under migration.

    xacml-dev: an unmoderated, public mail list that provides an open forum for developers of XACML policy evaluation engine implementations or supporting components and tools to exchange ideas and information on implementing the XACML OASIS Standard. Subscribe or view archives.* This list is currently under migration.

    xacml-users: an unmoderated, public mail list that provides an open forum for users of XACML to exchange ideas and information on expressing policies using the XACML OASIS language. Subscribe or view archives.* This list is currently under migration.

    xacml-demo-tech: a mailing list restricted to XACML TC members interested in technical aspects of an interoperability demo; archives are also limited to TC members. Subscribe or view archives.* This list is currently under migration.

    xacml-demo-mktg: a mailing list restricted to XACML TC members interested in marketing aspects of an interoperability demo; archives are also limited to TC members. Subscribe or view archives.* This list is currently under migration.

    *To minimize spam, you must subscribe to these lists before posting.

     

    Available XACML Implementations

    It is known that various developers have implemented XACML code and XACML support tools; some of these implementations are publicly available for download. The following are listed here solely for the information of parties interested in XACML. By including these links, neither the XACML TC, nor OASIS itself, is endorsing or recommending these implementations in any way. This list may be modified at any time as further information about these or other implementations becomes known.

    • AuthzForce: open source project that provides a XACML 3.0 compliant policy engine, in two forms, depending on your needs:

      • Java API: AuthzForce provides a XACML 3.0 PDP engine as a Java library that enables applications to use an embedded XACML PDP in Java. More info: https://github.com/authzforce/core/

      • RESTful API: AuthzForce provides a multi-tenant RESTful API to PDP(s) and PAP(s) that enables web clients to manage policies, request authorization decisions, etc. Developed in the scope of the FIWARE European project. More info: https://github.com/authzforce/server

     
