En esta página puede obtener un análisis detallado de una palabra o frase, producido utilizando la mejor tecnología de inteligencia artificial hasta la fecha:
The eXtensible Access Control Markup Language (XACML) is an XML-based standard markup language for specifying access control policies. The standard, published by OASIS, defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
XACML is primarily an attribute-based access control system. In XACML, attributes – information about the subject accessing a resource, the resource to be addressed, and the environment – act as inputs for the decision of whether access is granted or not. XACML can also be used to implement role-based access control.
In XACML, access control decisions to be taken are expressed as Rules. Each Rule comprises a series of conditions which decide whether a given request is approved or not. If a Rule is applicable to a request but the conditions within the Rule fail to evaluate, the result is Indeterminate. Rules are grouped together in Policies, and a PolicySet contains Policies and possibly other PolicySets. Each of these also includes a Target, a simple condition that determines whether it should be evaluated for a given request. Combining algorithms can be used to combine Rules and Policies with potentially differing results in various ways. XACML also supports obligations and advice expressions. Obligations specify actions which must be executed during the processing of a request, for example for logging. Advice expressions are similar, but may be ignored.
XACML separates access control functionality into several components. Each operating environment in which access control is used has a Policy Enforcement Point which implements the functionality to demand authorization and to grant or deny access to resources. These refer to an environment-independent and central Policy Decision Point which actually makes the decision on whether access is granted. The PDP refers to policies stored in the Policy Retrieval Point (PRP). Policies are managed through a Policy Administration Point (PAP).
Version 3.0 was ratified by OASIS in January 2013.