XACML Project

Web Services Profile of XACML (WS-XACML)

The Web Services Profile of XACML (WS-XACML) is an active working draft within the OASIS eXtensible Access Control Markup Language (XACML) Technical Committee. It proposes XACML-based formats for Web Services policy Assertions for authorization and privacy policies. The formats allow the Assertions to be matched automatically.

• Web Services Profile of XACML (WS-XACML), by Anne Anderson, slides presented at the OASIS XACML TC Face-to-Face meeting 13 March 2007 pdf
• XACML TC Work in Progress. Contains a link to the current draft of the WS-XACML Profile.

XACML-based Web Services Policy Constraint Language (WS-PolicyConstraints) documents

WS-PolicyConstraints is a generic, domain-independent language for expressing constraints for a web services policy (constraints are also known as predicates or assertions). With this language, constraints for any type of policy can be written without requiring changes to the policy processor. WS-PolicyConstraints is designed to complement higher level policy frameworks (such as WS-Policy), as well as to facilitate policy intersection and direct verification of messages against policies. A module supporting policies written in the WS-PolicyConstraints language can co-exist with modules supporting domain-specific policy languages such as WS-SecurityPolicy or WS-ReliableMessaging policy

• Domain-Independent, Composable Web Services Policy Assertions, by Anne Anderson, Proceedings of the 7th IEEE International Workshop on Policies for Distributed Systems and Networks, 6 June 2006 pdf
• Web Services Policies, by Anne Anderson, IEEE Security & Privacy Magazine, May/June 2006 pdf
• Archives of OASIS discussion list on Domain-Independent Policy Assertion Language (dipal-discuss@lists.oasis-open.org) December 2005 - February 2006
• Domain-Independent Web Services Policy Assertion Language, 23 November 2005; introductory slides; pdf
• WS-PolicyConstraints: A Domain-Independent Web Services Policy Assertion Language, 3 November 2005; an introductory whitepaper; pdf
• XACML-Based Web Services Policy Constraint Language (WS-PolicyConstraints) Most recent draft of the language specification; pdf
• WS-Security policy profile of WS-PolicyConstraints, Working Draft 04 , 1 December 2005; an example of using WS-PolicyConstraints for policies related to WS-Security; pdf

XACML-based Web Services Policy Language documents:

Much of WS-PolicyConstraints is based on the XACML-based Web Services Policy Language developed within the OASIS XACML TC: XACML profile for Web-services (WSPL).

• Predicates for Boolean Web Service Policy Languages, WWW 2005 Workshop on Policy Management for the Web, slides, pdf; short paper, pdf
• Comparing WSPL and WS-Policy, IEEE Policy 2004; slides; pdf
• An Introduction to the Web Services Policy Language (WSPL), IEEE Policy 2004; short paper; pdf
• WSPL: An XACML-based Web Services Policy Language, 30 January 2004; slides; pdf

OASIS eXtensible Access Control Markup Language (XACML) documents:

XACML is a standard language for expressing access control and privacy policies. It supports role based access control and is integrated with the OASIS Security Assertion Markup Language (SAML).

• OASIS eXtensible Access Control Markup Language (XACML), by Anne Anderson, 21 June 2006, presentation to U.S. Govt. XML Community of Practice slides; pdf
• A Comparison of Two Privacy Policy Languages: EPAL and XACML, 3 November 2005; Sun Labs Technical Report; pdf
• Sun's XACML Implementation, an open source implementation of XACML in the Java programming language, available royalty-free under a BSD license
• Key Differences Between XACML and EPAL, New Challenges for Access Control 2005, 27 April 2005, slides, pdf
• The Relationship Between XACML and P3P Privacy Policies html
• XACML J2SE Platform Policy Profile html
• Namespace Definitions

Other documents:

• Policies in the Alphabet Soup Slides for keynote talk presented at IEEE Policy06 5 June 2006; review of policy languages and systems in standards; includes speaker's notes; pdf