HOME HOUSE PROJECTS SCHOOL PHOTO GALLERY RESUME
PROPOSED TERM PAPER TITLE:
 
XACML: Implementing Security Policy through a Mark-Up Language
 

ABSTRACT:

 

Implementing a security policy is currently a complex and error-prone exercise for an enterprise. The variety of access permissions that are required for normal functioning of a company's Internet commerce server may be radically different from its email or groupware servers. Each application within these domains typically has a unique way of setting the security levels, and these may vary on the deployment platform. OASIS (Organization for the Advancement of Structured Information Standards), the XML Open Standards group, has developed a series of standards to address internet security through XML. The Extensible Access Control Markup Language, XACML, has been offered by the OASIS committee as a solution to the security policy (authorization) problem.

XACML provides a method for defining security rules in an XML format. It enables an organization to allow multiple layers of access authorization both within a document as well as to the document as a whole. This paper discusses the XACML specification, conformance testing, integration with the other XML security components (particularly Security Access Markup Language and XML Encryption). It will review recently released implementations by SUN Microsystems and Jiffy Software, and look at issues on the road to broad-based utilization in industry.

MAJOR REFERENCES:

Note - This is a very recently approved standard (February 2003), and references are still limited. With the exception of news announcements, resources are almost exclusively web-based.

 
SOURCE
REFERENCE
OASIS.ORG
COVERPAGES.ORG
SUN Microsystems, Inc.
Jiffy Software, Inc.

 

Site comments or problems:   email joan smith