Questions tagged [xacml]

XACML is the eXtensible Access Control Markup Language, an open standard for specifying and evaluating authorization and access control policies.

The standard is managed by the OASIS XACML Technical Committee. The XACML 3.0 standard was ratified and released in January 2013.

XACML implements an access control model called attribute-based access control, or ABAC.

The OASIS committee has identified and defined several ancillary profiles that extend the core XACML 3.0 specification for specific domains, such as the Administration and Delegation Profile, the SAML Profile, the Core and Hierarchical Role Based Access Control (RBAC) Profile, the Intellectual Property Control (IPC) Profile, and the Export Compliance-US (EC-US) Profile. All of these profiles are defined on the OASIS site.

The XACML 2.0 standard was ratified in February 2005. A significant difference between the 2.0 and 3.0 standards is that 2.0 uses distinct XML element tags to separate attributes into subject, resource, action, or environment categories whereas 3.0 uses XML attributes to associate items with categories. In XACML 3.0 it's easier to define application-specific categories and the attribute processing model is more unified than in XACML 2.0.

XACML 3.0 also introduces Advice and makes Obligations more dynamic through the introduction of variables in the Obligation element.

412 questions
4 votes, 1 answer

XACML Policy definition Resource attribute with a Wildcard option

How to define XACML Policy that checks something like table name like 'EMPL%'? Do I have to use RegEx for that?
Oded Sofer
4 votes, 3 answers

XACML - Does a policy actually require a rule?

If I define a XACML policy and provide some attributes in the policy target, do I actually need to provide an additional rule?
helpermethod
4 votes, 1 answer

Spring abac data filtering vs Spring @PostFilter

I am using ABAC model for securing access to some entities in project. According to https://dzone.com/articles/simple-attribute-based-access-control-with-spring, I can easily define some policy rules for updating/deleting entities in project. After…
4 votes, 1 answer

Difference between target and condition in XACML

I would like to fix the differences between target and condition in XACML language and when should I use target or condition.
A.Gh
4 votes, 1 answer

Active Directory - Enforce extra authentication

Is it possible to enforce extra authentication (via an external service) or an extra layer of decision making after a successful active directory authentication? Thanks
Lewis Bushman
4 votes, 1 answer

Is there any way to use ALFA to generate XACML without using the Eclipse plug-in?

Is there any way to use ALFA to generate XACML without using the ALFA Eclipse plugin? I would like to create a policy creator and programmatically creating ALFA and converting it to XACML would be preferable to attempting to generate XACML, right?
Aymon Fournier
4 votes, 1 answer

Attribute based vs. activity based access control

What's the difference between attribute based access control and activity based access control within cloud authorization context?
thisisemar
4 votes, 1 answer

How to Manage Trust between PEP and PDP

I am working with a distributed scenario in which I have multiple instances of PEP and PDP. In such a scenario, how will the PDP validate that the XACML request is coming from my trusted PEP?
Utsav
4 votes, 1 answer

Open source policy editor tool for XACML 3.0 policy creation

I am using XACML 3.0 for authorization in my project. Is there any open source policy editor tool so that I can create policies on the fly?
Utsav
3 votes, 2 answers

Trends in Externalizing Identity from Applications

Stackoverflow decided to use OpenID probably due to its simplicity while others believe that Information Cards (e.g. cardspace) is a better strategy in that it is backed by major industry vendors and is known to be more secure. Are there libraries…
McGovernTheory
3 votes, 5 answers

Designing an XACML API

Currently, the XACML specification defines a protocol for request / response but leaves it up to interpretation as to how it can be integrated into an enterprise application. I believe that the value of XACML won't be realized unless there is the…
McGovernTheory
3 votes, 2 answers

Processing XACML policies in java

I am actually working on a project that needs to parse the XACML policy file and detect the policies defined inside. To do so, I've seen some APIs, but either they speak about how to build a request or how to parse the response (from the PDP),…
Bouanani Meher
3 votes, 1 answer

how to implement attribute base access control in python based web application?

I have a web application written in Python (Django REST framework). Now I want to implement attribute-based access control (ABAC) on my web application for authorization. How can I implement ABAC policies on this application (can I use XACML…
Ziarmal
3 votes, 1 answer

How to do logical AND for Rule combining for XACML

My scenario is I have a Policy with several rules and all the rules need to be true for the policy to be true. For example: Policy A - Rule 1 - Rule 2 - Rule 3 For Policy A to be applicable, I need all three Rules to return…
Samuel
3 votes, 1 answer

Securing REST API with WSO2 IS and XACML Policy

I try to secure my rest API(in wso2 ESB) with OAuth mediator and wso2 IS. I want to permit a user with a valid token, when, the request is matching a specific URI (that call from ESB exp /sample/test) and also matches with other conditions such as…
Soli