Technology Report: XACML – Extensible Access Control Markup Language

Report Details

This report explains XACML, an evolving standard in the field of access control. Access control in IT is of vital importance. Companies use access control technology to protect sensitive systems and information, and to keep assets safe.

At the same time, compliance with external regulations and internal policies is very important and access control technology is key. We can think about access control doing two things:

  • 1. Identifying the users (who are you)
  • 2. Allowing known users to do things (what are you allowed to do)

The first part is authentication and solutions are very mature at the time of writing. The industry has very many solutions available to authenticate users through a variety of methods - from a standard username/password combination to highly secure multi-factor authentication systems. The second part is authorisation and unfortunately the picture there is not as pretty. In fact, authorisation is far from being "solved". and is typically left to the applications. This presents several fundamental problems. There are many applications running in an enterprise, and many of these applications manage their own entitlements, and do it differently. This makes access control very difficult to manage! Compliance with regulations is also a tricky business: regulations and policies are not application specific, yet entitlements are specific to each application. Hence there is always the problem of mapping general business policies into the many different styles of entitlements found within the applications.

The solution is to externalise authorisation from the actual applications. Instead of implementing access control policy, applications should use an external access control system in order to make the decision regarding access control policy. For applications, this presents a shift in thinking. For a service oriented architecture (SOA) this comes as a natural way of thinking. Services in a SOA tend to be more modular than monolithic applications; hence the need to enforce access control policy over a set of services is a natural requirement. SOA provides both a new level of needs and a new level of capabilities which make it possible to think in terms of authorisation as an application-external, shared and generic service. It is important however to stress that XACML is not at all specific to SOA, nor is implementing a SOA required to make use of XACML. In fact, XACML is valuable regardless of whether a SOA is deployed or not.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Sep 29, 2009

Technology Report: XACML – Extensible Access Control Markup Language

This report explains XACML, an evolving standard in the field of access control. Access control in IT is of vital importance. Companies use access control technology to protect sensitive systems and information, and to keep assets safe. At the same time, compliance with external regulations…

€165.00
excl. VAT
Get Access
Mastercard Visa American Express PayPal INVOICE

Latest Related Reports


KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

Blog

Blog

A Iot to Venture, More to GAIN

A Iot to Venture, More to GAIN
Matthias Reinwarth

As social beings, people interact with their environment, whether as citizens of a state, as employees of a company or as contractual partners (customers, insured persons) with a company in the private sector. Even if a large number of such transactions can take place anonymously (coffee to go on the way to the office in the morning does not require identification), proof of identity or the reliable assurance of a particular characteristic ("of legal age," "fully vaccinated") is often [...]

Latest Insights

Hot Topics


Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00