Technology Report: XACML – Extensible Access Control Markup Language

Report Details

This report explains XACML, an evolving standard in the field of access control. Access control in IT is of vital importance. Companies use access control technology to protect sensitive systems and information, and to keep assets safe.

At the same time, compliance with external regulations and internal policies is very important, and access control technology is key to achieving it. We can think of access control as doing two things:

  1. Identifying the users (who are you)
  2. Allowing known users to do things (what are you allowed to do)

The first part is authentication, and solutions are very mature at the time of writing. The industry has many solutions available to authenticate users through a variety of methods, from a standard username/password combination to highly secure multi-factor authentication systems. The second part is authorisation, and unfortunately the picture there is not as pretty. In fact, authorisation is far from being "solved", and is typically left to the applications.

This presents several fundamental problems. There are many applications running in an enterprise, and many of these applications manage their own entitlements, each in a different way. This makes access control very difficult to manage. Compliance with regulations is also a tricky business: regulations and policies are not application specific, yet entitlements are specific to each application. Hence there is always the problem of mapping general business policies onto the many different styles of entitlements found within the applications.

The solution is to externalise authorisation from the actual applications. Instead of implementing access control policy themselves, applications should use an external access control system to make access control decisions. For applications, this presents a shift in thinking. For a service-oriented architecture (SOA), it comes as a natural way of thinking. Services in a SOA tend to be more modular than monolithic applications; hence the need to enforce access control policy over a set of services is a natural requirement. SOA provides both a new level of needs and a new level of capabilities, which make it possible to think of authorisation as an application-external, shared and generic service. It is important, however, to stress that XACML is not at all specific to SOA, nor is implementing a SOA required to make use of XACML. In fact, XACML is valuable regardless of whether a SOA is deployed or not.


Date: Sep 29, 2009
Price: €165.00
