Presentation is loading. Please wait.

Presentation is loading. Please wait.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation."— Presentation transcript:

1 XACML 2.0 and Earlier Hal Lockhart, Oracle

2 What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation logic n Ability to use any available information n Superset of Permissions, ACLs, RBAC, etc n Scales from PDA to Internet n Federated policy administration n OASIS and ITU-T Standard

3 Trends Driving Fine-Grained Access Control n De-perimeterization l No longer just “them and us” l Firewall is no longer sufficient n Service Oriented Architecture l Multiple access contexts for each service n Cloud l Complex interactions of internal and external components l Federated administration

4 Powerful Policy Expression n “Anyone can use web servers with the ‘spare’ property between 12:00 AM and 4:00 AM” n “Salespeople can create orders, but if the total cost is greater that $1M, a supervisor must approve” n “Anyone view their own 401K information, but nobody else’s” n “The print formatting service can access printers and temporary storage on behalf of any user with the print attribute” n “The primary physician can have any of her patients’ medical records sent to a specialist in the same practice.”

5 Key XACML Features n Federated Policy Administration l Multiple policies applicable to same situation l Combining rules to resolve conflicts n Decision may include Obligations l In addition to Permit or Deny l Obligation can specify present or future action l Examples: Log request, require human approval, delete data after 30 days n Protect any resource l Web Server, Java or C++ Object, Room in building, Network Access, Web Service, Geographic Data, Health Records, etc.

6 XACML Architecture PDP Decision Application Administration Policy Repository PEP Enforcement Client Authorities Attribute Repositories PDP

7 XACML Concepts PolicySet Policies Obligations Rules Target Obligations Condition Effect Target

8 XACML 2.0 Profiles n Digital Signature l Integrity protection of Policies n Hierarchical Resources l Using XACML to protect files, directory entries, web pages n Privacy l Determine “purpose” of access n RBAC l Support ANSI RBAC Profile with XACML n SAML Integration l XACML-based decision request l Fetch applicable policies l Attribute alignment

9 XACML Benefits n Standard Policy Language l Investment protection l Skills reuse l Create analysis tools market n Leverage XML tools n Policy not in application code l Reduce cost of changes l Consistent application l Enable audit

Download ppt "XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation."

Similar presentations

Trust and Security for Next Generation Grids, www.gridtrust.eu Implementing UCON with XACML for Grid Services Bruno Crispo Vrije Universiteit Amsterdam.

Trust and Security for Next Generation Grids, Implementing UCON with XACML for Grid Services Bruno Crispo Vrije Universiteit Amsterdam.
News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics

News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
1 Authorization XACML – a language for expressing policies and rules.

1 Authorization XACML – a language for expressing policies and rules.
XML Security Standards — Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

XML Security Standards — Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Approaches to generalization of XACML New challenges for access control 27 th April 2005 Tim Moses.

Approaches to generalization of XACML New challenges for access control 27 th April 2005 Tim Moses.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.

XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
NAC 2007 Spring Conference OASIS XACML Update

NAC 2007 Spring Conference OASIS XACML Update
XACML 2.0 in the Enterprise: Use- Cases and Deployment Challenges Prateek Mishra, Frank Villavicencio, Rich Levinson Oracle Identity Management Group 02/07/2006.

XACML 2.0 in the Enterprise: Use- Cases and Deployment Challenges Prateek Mishra, Frank Villavicencio, Rich Levinson Oracle Identity Management Group 02/07/2006.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

Similar presentations

Ads by Google