Questions tagged [xacml2]

XACML 2.0 refers to the 2.0 specification of the eXtensible Access Control Markup Language (XACML), ratified by the OASIS standards group in February 2005.

XACML 2.0 is the second version of the eXtensible Access Control Markup Language (XACML). As of April 2014, XACML has 3 versions: XACML 1.0, XACML 2.0, and XACML 3.0. The latest version is XACML 3.0.

Overall, XACML 2.0 and XACML 3.0 achieve the same functionality, which is to define fine-grained, attribute-based access control policies. Please refer to the XACML tag wiki for additional details.

XACML 2.0 defines a fixed number of attribute categories, whereas XACML 3.0 lets users define custom attribute categories. In practice, the same categories usually end up being used in both XACML 2.0 and XACML 3.0.

XACML 2.0 provides support for static obligations. XACML 3.0 provides support for dynamic obligations and advice.

XACML 2.0 is defined in 2 schema files: one for the policy language and one for the request. XACML 3.0 is defined in a single schema file.

Both XACML 2.0 and XACML 3.0 use the same conceptual architecture.

Other versions of XACML include:

  • XACML 1.0
  • XACML 1.1
  • XACML 2.0
  • XACML 3.0

XACML 1.0, 1.1, and 2.0 are extremely similar. XACML 3.0 introduces differences that make the standard more generic.

40 questions
9
votes
3 answers

How does XACML 3.0 differ from XACML 2.0?

I'm considering migrating my client application from using a XACML 2.0 authorization service to using a newer XACML 3.0 service. What changes or issues will I run into in migrating my client app from making XACML 2.0 requests to making XACML 3.0…
dthorpe
4
votes
1 answer

How to Manage Trust between PEP and PDP

I am working with a distributed scenario in which I have multiple instances of PEP and PDP. In such a scenario, how will the PDP validate that an XACML request is coming from my trusted PEP?
Utsav
4
votes
1 answer

Open source policy editor tool for XACML 3.0 policy creation

I am using XACML 3.0 for authorization in my project. Is there any open source policy editor tool so that I can create policies on the fly?
Utsav
3
votes
2 answers

Is it possible to compare attributes in a XACML policy?

The following rule says subjects with role "acme_manager" can perform any action on the resource "/acme/widgets":
Ouananiche
2
votes
1 answer

How to reference external set of permissions in an XACML policy?

Originally, I asked "How do you write a policy that requires a subject be granted access to a requested permission, where the set of allowed permissions is in an external attribute store. Can you reference an external set of permissions in a…
s_t_e_v_e
2
votes
1 answer

How do I apply XACML rules to every child URI?

I'm working with XACML policies and I have a rule that includes a resource target similar to the following:
josh-cain
2
votes
1 answer

XACML Bags operations

Assume we have a bag of booleans. Is there a function that can tell whether the number of "true" values is larger than some constant (e.g., 5)? I came across "n-of" function, but it requires multiple separate attributes as an input and not a bag...…
Michael
2
votes
1 answer

Why both PolicySet and Policy are needed?

I've read through the 3.0 specs and had a question here: I found PolicySet and Policy share many similarities like the combining algorithms, etc. And to accommodate more levels, PolicySet also can be self-containable. If so, why not merge PolicySet…
hsluoyz
2
votes
2 answers

Optimize way to Match Policies in the PDP in a Distributed Environment

Hi, I have gone through many use cases regarding XACML, but I don't know what is the best way to load policies in the PDP. As per the PDP workflow defined by OASIS, I understood that when the incoming request will come to the PDP. PDP is…
user3409289
2
votes
1 answer

XACML Policy based on User Domain

Hi, I want to create a policy based on domain, so I want to use the regular expression: ^([a-zA-Z0-9_.-])+\@mydomain.com. So in this case I need a policy where any user belonging to mydomain.com can access the resources based on the rules. How the policy…
Utsav
2
votes
1 answer

Multiple Decisions Profile Policy in XACML 3.0

I have a requirement to write a policy for a particular user; it will return the XACML response like this: This policy is based on single user: bob FirstName: Create = true, Read = true, Update = true, Delete = false MiddleName: Create = true,…
Utsav
2
votes
1 answer

XACML3 Policy with multiple actions, subjects and resources

Can I have a sample XACML3 policy which has multiple attributes such as actions, subjects and resources?
Nadendla
1
vote
1 answer

URL accessible at specific hours only XACML

I have a knotty problem (at least for me) to solve. In a nutshell: a web server exposing a single URL (static page); the URL should only be accessible between 9 am and 5 pm (every day); the whole thing should be implemented through…
terence
1
vote
1 answer

Context changes in XACML

How does the context handler (in XACML) detect context changes? I know one responsibility of the context handler is to translate the original request into XACML canonical format, but how does it address context changes?
Mary Dvr
1
vote
1 answer

Evaluating multi-valued Attribute in XACML 2.0 policy

How can I evaluate multi-valued attributes in XACML 2.0? I have the following XACML 2.0 policy and request. The user gets a permit if he is in the role of super-admin. Having multiple roles as elements within the same…
user098