Technology Report: XACML – Extensible Access Control Markup Language

Report Details

This report explains XACML, an evolving standard in the field of access control. Access control in IT is of vital importance. Companies use access control technology to protect sensitive systems and information, and to keep assets safe.

At the same time, compliance with external regulations and internal policies is very important and access control technology is key. We can think about access control doing two things:

1. Identifying the users (who are you)
2. Allowing known users to do things (what are you allowed to do)

The first part is authentication, and solutions are very mature at the time of writing. The industry has very many solutions available to authenticate users through a variety of methods - from a standard username/password combination to highly secure multi-factor authentication systems. The second part is authorisation, and unfortunately the picture there is not as pretty. In fact, authorisation is far from being "solved" and is typically left to the applications. This presents several fundamental problems. There are many applications running in an enterprise, and many of these applications manage their own entitlements, and do it differently. This makes access control very difficult to manage! Compliance with regulations is also a tricky business: regulations and policies are not application specific, yet entitlements are specific to each application. Hence there is always the problem of mapping general business policies into the many different styles of entitlements found within the applications.

The solution is to externalise authorisation from the actual applications. Instead of implementing access control policy, applications should use an external access control system in order to make the decision regarding access control policy. For applications, this presents a shift in thinking. For a service oriented architecture (SOA) this comes as a natural way of thinking. Services in a SOA tend to be more modular than monolithic applications; hence the need to enforce access control policy over a set of services is a natural requirement. SOA provides both a new level of needs and a new level of capabilities which make it possible to think in terms of authorisation as an application-external, shared and generic service. It is important however to stress that XACML is not at all specific to SOA, nor is implementing a SOA required to make use of XACML. In fact, XACML is valuable regardless of whether a SOA is deployed or not.
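As an added example (not from the report or any KuppingerCole material), the externalised-authorisation pattern described above in Python: a constructed XACML 3.0 policy, a minimal policy decision point (PDP) that evaluates rule targets and combines them with deny-overrides, and the policy enforcement point (PEP) call an application makes instead of hard-coding its own entitlements. The attribute and function identifiers are standard XACML URNs; the policy content and role names are assumptions, and the evaluator handles only string-equal target matches, not Conditions or obligations.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
STR = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"

# Constructed sample policy in XACML 3.0 syntax: doctors may read, nobody may delete.
POLICY_XML = f"""<Policy xmlns="{NS['x']}" PolicyId="records-policy"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="doctor-read" Effect="Permit"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">doctor</AttributeValue>
      <AttributeDesignator Category="{SUBJECT}" AttributeId="{ROLE_ID}" DataType="{STR}" MustBePresent="false"/></Match>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">read</AttributeValue>
      <AttributeDesignator Category="{ACTION}" AttributeId="{ACTION_ID}" DataType="{STR}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
  <Rule RuleId="no-delete" Effect="Deny"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">delete</AttributeValue>
      <AttributeDesignator Category="{ACTION}" AttributeId="{ACTION_ID}" DataType="{STR}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
</Policy>"""

def _match(m, request):
    """One <Match>: the designated request attribute must equal the literal (string-equal only)."""
    literal = m.find("x:AttributeValue", NS).text
    d = m.find("x:AttributeDesignator", NS)
    return literal in request.get((d.get("Category"), d.get("AttributeId")), [])

def _target_matches(target, request):
    """<Target>: an empty target matches everything; AnyOf is OR over AllOf, AllOf is AND over Match."""
    anyofs = target.findall("x:AnyOf", NS)
    return not anyofs or any(all(_match(m, request) for m in allof.findall("x:Match", NS))
                             for anyof in anyofs for allof in anyof.findall("x:AllOf", NS))

def decide(policy_xml, request):
    """Minimal PDP: evaluate each rule's target, then combine effects with deny-overrides."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = {r.get("Effect") for r in policy.findall("x:Rule", NS)
               if _target_matches(r.find("x:Target", NS), request)}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"

def pep_request(role, action):
    """PEP side: the application sends subject/action attributes rather than deciding itself."""
    return decide(POLICY_XML, {(SUBJECT, ROLE_ID): [role], (ACTION, ACTION_ID): [action]})
```

Because the policy lives outside the application, changing who may read or delete means editing the XACML document once rather than every application's entitlement code.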

Date: Sep 29, 2009
