XACML

OASIS Webinar Questions/Answers

Hello everyone, I thought I might share what OASIS had to say about my questions regarding some XACML practices:

Q: How does XACML resolve duplicate policy IDs?
A: The XACML spec requires that all policy sets, policies, and rules be uniquely identified. The uniqueness is defined on the element id + version number, e.g. policy set id + version number. Duplicate policy IDs are therefore an error which should be reported by the PDP.

Q: Is it good practice to always wrap a policy in a policy set? This allows technologies like JAXB to unmarshal to a known type.
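
For the duplicate-ID answer above, an added example (not part of the original post or any OASIS material): a pre-load check that flags policies and policy sets sharing the same id and version across a set of files. The sample documents, file names and `find_duplicates` are constructed here, and keying policies and policy sets separately is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Identifier attribute for each element kind the check covers.
ID_ATTR = {"PolicySet": "PolicySetId", "Policy": "PolicyId"}

# Constructed sample documents, trimmed to the attributes the check reads
# (not schema-complete XACML).
SAMPLE_DOCS = {
    "a.xml": f"""<PolicySet xmlns="{NS}" PolicySetId="urn:example:ps:root" Version="1.0">
      <Policy PolicyId="urn:example:p:read" Version="1.0"/>
    </PolicySet>""",
    "b.xml": f"""<PolicySet xmlns="{NS}" PolicySetId="urn:example:ps:other" Version="1.0">
      <Policy PolicyId="urn:example:p:read" Version="1.0"/>
      <Policy PolicyId="urn:example:p:read" Version="2.0"/>
    </PolicySet>""",
}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def find_duplicates(docs):
    """Return {(kind, id, version): [files]} for keys defined more than once."""
    seen = defaultdict(list)
    for filename, xml_text in docs.items():
        # For policy files from an untrusted source, parse with a hardened
        # parser (e.g. the defusedxml package) instead of ElementTree.
        for el in ET.fromstring(xml_text).iter():
            kind = local_name(el.tag)
            attr = ID_ATTR.get(kind)
            if attr and el.get(attr) is not None:
                seen[(kind, el.get(attr), el.get("Version"))].append(filename)
    return {key: files for key, files in seen.items() if len(files) > 1}

if __name__ == "__main__":
    for (kind, ident, version), files in find_duplicates(SAMPLE_DOCS).items():
        print(f"duplicate {kind} {ident} v{version} in {', '.join(files)}")
```

The same id with a different version (`2.0` in `b.xml`) is not reported, since the key is id plus version.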

GeoXACML

GeoXACML, an extension of XACML, is a language designed to specify access control policies for geospatial data. GeoXACML uses XACML's extension points, that is, the ability to define custom attributes, value spaces, predicates, and functions to check whether a given attribute has a specified value.
