XACML 3.0 is now Committee Specification Draft

Good news! Version 3.0 of the eXtensible Access Control Markup Language (XACML) has just been voted a Committee Specification Draft. There will only be a 15 day public review, since it has already been at that level before we dropped back to Working Draft. There is still a long way to go until version 3.0 becomes an OASIS standard, but at least we’ve started down that path.

What is XACML?
In short, XACML offers an architecture for access control, a policy language for describing and evaluating access control policies, and a protocol for requesting access. I’ve written about XACML in a series on EMC’s Developers Network:

What’s new in 3.0?
Axiomatics were the first company to implement 3.0 (their CTO, Erik Rissanen, is editor of the spec). They’ve also summarized what has changed since 2.0, the current OASIS standard:

Who’s using XACML?
Obviously not many people are using 3.0, since it’s not a standard yet. But 2.0 has been around since 2005 and is used in various places. Below is a sample of places where XACML is being used:

I’ll update this list when I find more examples. If you know of any, please let me know.

Update 2011-08-19: BitKOO is the second vendor to attest 3.0 compliance, after Axiomatics.


Please Join the Discussion

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s