XACML Bibliography, Version 1.4

Copyright© OASIS Open 2004 All Rights Reserved.

Editor:  Anne Anderson, Sun Microsystems
Version: 1.4
Updated: 04/10/21 (yy/mm/dd)

This bibliography includes papers, articles, presentations, specifications, and other publications that contain substantial information about XACML or make use of XACML in a substantial way. These are listed here solely for the information of parties interested in XACML. By including these links, neither the XACML TC, nor OASIS itself, is endorsing, recommending, or guaranteeing the accuracy of these publications in any way. This list may be modified at any time as further information about these or other publications becomes known.

2004

• Extensible Access Control Markup Language (XACML), by Robin Cover, Cover Pages page on XACML. Updated regularly. Available at http://xml.coverpages.org/xacml.html.
• Administrative Delegation in XACML, by Erik Rissanen, Babak Sadighi Firozabadi. Swedish Institute of Computer Science. 2 Sept 2004. Submitted to W3C Workshop on Constraints and Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/erbsf-20040902.
• Constraints and Capabilities for Web Services, Anne Anderson, ed., Sun Microsystems, Inc. 27 Aug 2004. Submitted to W3C Workshop on Constraints and Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/aaccws-20040827.
• A Comparison of EPAL and XACML, by Anne Anderson, Sun Microsystems, Inc. 12 July 2004. Available at http://research.sun.com/projects/xacml/CompareEPALandXACML.html.
• eXtensible Access Control Markup Language: XACML im Vergleich mit P3P und EPAL, by Stefan Berthold, Technische Universitaet Dresden, Fakultaet Informatik, 28 June 2004. Available at http://dud.inf.tu-dresden.de/~kriegel/ss04/hauptseminar/Berthold2004_HS_XACML.pdf.
• Comparing WSPL and WS-Policy, by Anne Anderson, Sun Microsystems, Inc. 8 June 2004. IEEE Policy 2004 Workshop. Paper available at http://research.sun.com/projects/xacml/Policy2004.pdf. Slides available at http://www.policy-workshop.org/2004/slides/Anderson-WSPL_vs_WS-Policy_v2.pdf.
• WSPL: an XACML-based Web Services Policy Language, by Anne Anderson, Sun Microsystems, Inc. 2004. Available at http://research.sun.com/projects/xacml/wspl_intro.pdf.
• Evaluation of XML Technologies as Applied to Access Control, by David Staggs (SAIC) for Dept. of Veterans Affairs, Veterans Health Administration, Office of Information, 13 Sept 2004. Available at http://www.va.gov/rbac/docs/Veterans_Administration_Lab_Eval_of_XML_Technologies.pdf.
• RSVP policy control using XACML, by E. Toktar, E. Jamhour, and G. Maziero, Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on , 7-9 June 2004, Pages:87 - 96
• XACML and Federated Identity, by Hal Lockhart, BEA Systems, NASA Scientific and Engineering Workstation Procurement (SEWP) Security Symposium, 1 June 2004.
• Access management for distributed systems: Role-based cascaded delegation, by Roberto Tamassia, Danfeng Yao, William H. Winsborough. June 2004. Proceedings of the ninth ACM symposium on Access control models and technologies.
• CCOW Healthcare Implementation Using OASIS Standards, by Ed Coyne, Veterans Health Administration, 28-29 April 2004. VHA Health Information Architecture. Available at http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt.
• XML Web Services and Security, by Bob Daly. Date uncertain. Available at http://www.sims.berkeley.edu/~bdaly/cde/security/WebServicesSecurityIS219.html.

2003

• Modeling Delegation of Rights in a simplified XACML with Haskell, by Frank Siebenlist, Argonne Nat. Labs/Global Grid Forum, 18 Nov 2003. Available at http://www-unix.mcs.anl.gov/~franks/haskell/XacmlDelegationHaskell0.html.
• An XACML-based Policy Management and Authorization Service for Globus Resources, by Markus Lorch, Dennis Kafura, Sumit Shah, Virginia Tech, Fourth International Workshop on Grid Computing, Phoenix, AZ, 17 Nov 2003. Available at http://csdl.computer.org/comp/proceedings/grid/2003/2026/00/20260208abs.htm.
• Certificate-based authorization policy in a PKI environment, by Mary R. Thompson, Abdelilah Essiari, Srilekha Mudumbai. ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 4. November 2003.
• First Experiences Using XACML for Access Control in Distributed Systems, by Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura and Sumit Shah. Presented at the ACM Workshop on XML Security 31 October 2003, Fairfax, VA, USA. Slides available at http://zuni.cs.vt.edu/publications/xml-security-xacml-experiences-presentation.pdf.
• XML security: Certificate validation service using XKMS for computational grid, by Namje Park, Kiyoung Moon, Sungwon Sohn. 31 October 2003. Proceedings of the 2003 ACM workshop on XML security.
• Access control: An access control framework for business processes for web services, by Hristo Koshutanski, Fabio Massacci. 31 October 2003. Proceedings of the 2003 ACM workshop on XML security.
• The Formal Semantics of XACML, by Polar Humenn, Syracuse University, Oct 2003. Available at http://lists.oasis-open.org/archives/xacml/200310/pdf00000.pdf.
• Virtual enterprise access control requirements, by M. Coetzee, J. H. P. Eloff. September 2003. Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
• XACML J2SE[TM] Platform Policy Profile, by Anne Anderson, Sun Microsystems, Inc. 21 July 2003. Available at http://research.sun.com/projects/xacml/J2SEPolicyProvider.html.
• XACML: a new standard protects content in the enterprise data exchange, XMLMania, 7 July 2003. Available at http://www.xmlmania.com/documents_article_8.php.
• An Introduction to XACML, by Michael Armstrong, SANS Institute, 29 June 2003. Available at http://www.giac.org/practical/GSEC/Michael_Armstrong_GSEC.pdf.
• XACML: A New Standard Protects Content in Enterprise Data Exchange, Java.Sun.Com technical article, 24 June 2003. Available at http://java.sun.com/developer/technicalArticles/Security/xacml/xacml.html.
• XACML, Quickstudy by Russell Kay, Computerworld, 19 May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81295,00.html.
• An XACML Glossary, by Russell Kay, Computerworld, 19 May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81294,00.html.
• Digital rights management and fair use by design: Fair use, DRM, and trusted computing, by John S. Erickson. April 2003. Communications of the ACM, Volume 46 Issue 4.
• Multimedia and visualization: Self-manifestation of composite multimedia objects to satisfy security constraints, by Vijayalakshmi Atluri, Nabil Adam, Ahmed Gomaa, Igg Adiwijaya. March 2003. Proceedings of the 2003 ACM symposium on Applied computing.
• XACML -- A No-Nonsense Developer's Guide, by Vance McCarthy, Enterprise Developer News, 24 Feb 2003. Available at http://www.idevnews.com/TipsTricks.asp?ID=57.
• Getting Started with XML Security: Authorization Rules: XML Access Control Markup Language (XACML), tutorial, SitePoint, date uncertain. Available at http://www.sitepoint.com/article/933/8.

2002

• Designing a distributed access control processor for network services on the Web, by Reiner Kraft. Proceedings of the 2002 ACM workshop on XML security. November 2002.
• Dynamically authorized role-based access control for secure distributed computation, by C. Joncheng Kuo, Polar Humenn. November 2002. Proceedings of the 2002 ACM workshop on XML security.
• Towards securing XML Web services, by Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati. November 2002. Proceedings of the 2002 ACM workshop on XML security.