|
XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors. XACML is primarily an Attribute Based Access Control system (ABAC), where attributes (bits of data) associated with a user or action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC. The XACML model supports and encourages the separation of the access decision from the point of use. When access decisions are baked into client applications (or based on local machine userids and Access Control Lists (ACLs)), it is very difficult to update the decision criteria when the governing policy changes. When the client is decoupled from the access decision, authorization policies can be updated on the fly and affect all clients immediately. ==History== Version 2.0 was ratified by OASIS standards organization on February 1, 2005. The first committee specification of XACML 3.0 was released August 10, 2010.〔(【引用サイトリンク】url=http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#CURRENT )〕 The latest version, XACML 3.0, was standardized in January 2013.〔(eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard ), eXtensible Access Control Markup Language (XACML) V3.0 approved as an OASIS Standard.〕 The first version of administrative policy profile working draft was publicly released on April 1, 2009.〔(【引用サイトリンク】url=http://xml.coverpages.org/XACML-v30-HierarchicalResourceProfile-WD7.pdf )〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「XACML」の詳細全文を読む スポンサード リンク
|