Is XACML a Classic?Gerry Gebel

@ggebel

XACML 3.0 isapproved

10 vendors

5 end-user

orgs

Open source options

Who’s the XACML Technical Committee?

RSA 2013Interop

When will Catalyst host the next interop?

StandardizedXACML is a Authorization language

CentralizedXACML enables Authorization

Attributebased

XACML implements Access Control

Check out the NIST Special Publication 800-162 on ABAC

Policybased

XACML is a Access Control language

eXtensibleThe XACML language & architecture is

Fine grainedXACML allows for Authorization scenarios

Does this XML make me

look fat?

<xml/>

XACMLJSON Profile

84%smaller

Character Count0

200

400

600

800

1000

1200

1400

XMLJSON

REST Profileof XACML

Three Implementations

already

JSON

XML

ProtectIn-depth

XACML lets you SPF 5 to 50

ImplementSegregation

Of Duty

Managers can approve a transaction

if and only if they did not initiate it

if and only if user.id != creator id

Easily with XACML rules & attributes

InheritMultiple

Rules

Managers can approve a transaction

if and only if they did not initiate it

And if it’s between 9am and 5pm

And the amount is under the user’s limit

XACML lets you And combine them into a single set

Device-awareXACML enables authorization for BYOD

,kill

the

comma(the semi-colon too)

Ian Glazer once claimed: “Kill IAM to save it”

a happy relationship

XACML helps you build that lasts generations

XACML & OAuth

OAuth 2.0

XACML

XACML & SCIM

XACML & SAML