XACML will help enterprises in three areas



On February 18, 2003, the Organization for the Advancement of Structured Information Standards (OASIS) announced that it has approved XACML as an Open Standard. XACML is a common description language for access control policies.

First Take

XACML provides a necessary component for complex, interactive Web services, enterprise-wide security management and DRM. Using XACML, an enterprise can define platform-independent rules for how its resources are used by those inside and outside the enterprise. Enterprises can work together without having to align their computing platforms (whether based on Java, .Net or another technology); they just have to align their access policies. By allowing each to examine the access control policies of the other, XACML can foster a certain level of trust between enterprises even without prior contact. This capability will spur enterprises to develop business models involving the deployment of general Web services across the firewall to new business partners. XACML provides another Web services security building block, along with Security Assertion Markup Language (SAML), XML Key Management Specification and Web Services Security (WS-Security).

As a less recognized but likely more valuable use, the platform independence of XACML will allow an enterprise with a heterogeneous computing environment to define access control policies centrally for implementation on each platform in that platform’s format rather than managing policy for each manually. XACML can thus provide a security oversight framework on which enterprises can create strong security management and monitoring tools. XACML will likely boost the development of centralized security and system monitoring mechanisms, including network security platforms.

XACML will support DRM by defining how individuals, automated agents or enterprises can use intellectual property. XACML’s platform independence can bridge the proprietary technologies used in today’s DRM systems and will therefore foster the evolution of standard approaches to DRM. XACML faces at least one major roadblock – the Extensible Rights Markup Language (XRML) initiative spearheaded by Microsoft and ContentGuard (it’s also an OASIS working group). XRML has some overlaps with XACML, but Gartner believes that, in the near term, the two will integrate or at least interoperate as XACML enjoys a level of industry support near that of SAML.

In all three areas, XACML can ease the integration of disparate technologies. Enterprises should look for platform access control mechanisms and centralized policy management tools compatible with XACML by 2H04. Enterprises extending their trusted environment by deploying Web services beyond the firewall should require XACML-, SAML- and WS-Security-compatible platforms by 1H04. DRM systems using XACML (or compatible XRML) and Web services will also begin to appear by 1H04.

Analytical Source: Ray Wagner, Gartner Research

Recommended Reading and Related Research

“Web Services Security in 2003” – Enterprises should take a cautious approach to Web services deployment across the enterprise perimeter in 2003. By Ray Wagner

“SAML Approval Brings Secure Web Services a Step Closer” – The newly approved SAML standard will play a central role in Web services deployments because it supports complex workflow and new business models. By Ray Wagner and John Pescatore

(You may need to sign in or be a Gartner client to access all of this content.)

Entire contents

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now