OASIS eXtensible access control markup language (XACML) standard

Summary

“XACML 2.0 Core Specification,” which outlines standards and terminology related to access control policies using XACML (eXtensible Access Control Markup Language). It defines key terms such as access, action, attribute, and policies that are used within the XACML framework to govern how access decisions are made in a system. The document discusses the importance of a common language for expressing security policies, particularly in large enterprises, and explains how XML is used as the foundation for this language. It also describes how rules, policies, and policy sets can be combined, and the different algorithms available for this purpose, such as Deny-overrides and Permit-overrides. The text highlights the need for handling multiple subjects, attributes, and operators within security policies, as well as the importance of being able to reference the contents of a resource when making authorization decisions.