XACML Bibliography, Version 1.10
Copyright© OASIS Open 2004 All Rights
Editor: Anne Anderson, Sun Microsystems <Anne.Anderson@Sun.COM>
Updated: 04/11/05 (yy/mm/dd)
This bibliography includes papers, articles, presentations,
specifications, and other publications that contain substantial
information about XACML or make use of XACML in a substantial
way. These are listed here solely for the information of parties
interested in XACML. By including these links, neither the XACML
TC, nor OASIS itself, is endorsing, recommending, or guaranteeing
the accuracy of these publications in any way. Neither the XACML
TC nor OASIS itself guarantees the completeness or accuracy of
this list. This list may be modified at any time as further
information about these or other publications becomes known.
Additional submissions for listings are invited by the editor.
- Extensible Access Control Markup Language (XACML), by
Robin Cover, Cover Pages page on XACML. Updated regularly.
Available at http://xml.coverpages.org/xacml.html.
- Trust, Access Control, and Rights for Web Services, Part
2, by Sams Publishing, 12 Oct 2004. Available at http://www.devshed.com/c/a/Security/Trust-Access-Control-and-Rights-for-Web-Services-Part-2/4/.
- Experiences with NMI at Michigan: NSF Middleware
Initiative, by Shawn McKee, 1 October 2004, NMI/SURA
Testbed Workshop. Available at http://www.nsf-middleware.org/testbed/meetings/I2workshop04/UMich_NMI_Results_at_I2-Y3.ppt.
- Collaboration and security in CNL's virtual
laboratory, by Andrew Tokmakoff, Yuri Demchenko and
Martin Snijders. WACE 2004, 23 September 2004. Available at
- Evaluation of XML Technologies as Applied to Access
Control, by David Staggs (SAIC) for Dept. of Veterans
Affairs, Veterans Health Administration, Office of
Information, 13 Sept 2004. Available at http://www.va.gov/rbac/docs/Veterans_Administration_Lab_Eval_of_XML_Technologies.pdf.
- Administrative Delegation in XACML, by Erik Rissanen, Babak
Sadighi Firozabadi. Swedish Institute of Computer Science. 2
Sept 2004. Submitted to W3C Workshop on Constraints and
Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/erbsf-20040902.
- Constraints and Capabilities for Web Services, Anne
Anderson, ed., Sun Microsystems, Inc. 27 Aug 2004.
Submitted to W3C Workshop on Constraints and Capabilities for
Web Services. Available at http://www.w3.org/2004/08/ws-cc/aaccws-20040827.
- Access Control Methods for UDDI in Web Services using
XACML, presented by Dr. Dong-Il Shin, Sejong University,
Republic of Korea, 6th ASTAP Forum. ASTAP04/FR08/EG.IS/04.
- A Comparison of EPAL and XACML, by Anne Anderson, Sun
Microsystems, Inc. 12 July 2004. Available at http://research.sun.com/projects/xacml/CompareEPALandXACML.html.
- WALDEN: A Scalable Solution for Grid Account
Management, by Beth Kirschner, et al., 5th IEEE/ACM
International Workshop on Grid Computing (Grid 2004), 5 July 2004.
Available at http://www-personal.engin.umich.edu/~hacker/papers/gridmapfile.pdf.
- eXtensible Access
Control Markup Language: XACML im Vergleich mit P3P und
EPAL, by Stefan Berthold, Technische Universitaet
Dresden, Fakultaet Informatik, 28 June 2004. Available at http://dud.inf.tu-dresden.de/~kriegel/ss04/hauptseminar/Berthold2004_HS_XACML.pdf.
- Comparing WSPL and WS-Policy, by Anne Anderson, Sun
Microsystems, Inc. 8 June 2004. IEEE Policy 2004 Workshop.
Paper available at http://research.sun.com/projects/xacml/Policy2004.pdf.
Slides available at http://www.policy-workshop.org/2004/slides/Anderson-WSPL_vs_WS-Policy_v2.pdf.
- An Introduction to the Web Services Policy Language,
by Anne Anderson, Sun Microsystems, Inc., 8 June 2004. IEEE
Policy 2004 Workshop. Available at http://research.sun.com/projects/xacml/Policy2004.pdf.
- LionShare Security Model, by Derek Morr; May 2004 Internet2 Member Meeting,
19-21 April, Arlington, VA. Available at http://lionshare.its.psu.edu/main/info/docspresentation/ls_sec_i2.pdf.
- LionShare Peer-to-Peer Security Model, Security
Whitepaper, by Derek Morr, et al. Shibboleth, **DRAFT**; 15 April 2004. Available at lionshare.its.psu.edu/twiki/pub/Developers/LionShareP2PSecurityWhitepaper/SecurityWPv2.doc.
- X.509 Proxy Certificates for dynamic delegation, by
Von Welch, et al., 3rd Annual PKI R&D Workshop, Gaithersburg,
MD, USA, 12-14 April 2004. Available at http://www.globus.org/Security/papers/pki04-welch-proxy-cert-final.pdf.
- RSVP policy control using XACML, by E. Toktar,
E. Jamhour, and G. Maziero, Policies for Distributed Systems
and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE
International Workshop on, 7-9 June 2004, Pages: 87-96.
Slides available at http://www.policy-workshop.org/2004/slides/Toktar-RSVPPolicyControlUsingXACML.ppt.
Paper available through http://csdl.computer.org/comp/proceedings/policy/2004/2141/00/21410087abs.htm.
- XACML and Federated Identity, by Hal Lockhart, BEA
Systems, NASA Scientific and Engineering Workstation
Procurement (SEWP) Security Symposium, 1 June 2004.
Available at http://lists.oasis-open.org/archives/xacml/200406/ppt00000.ppt.
- Access management for distributed systems: Role-based
cascaded delegation, by Roberto Tamassia, Danfeng Yao,
William H. Winsborough. June 2004. Proceedings of the ninth
ACM symposium on Access control models and technologies
(SACMAT). See www.cs.brown.edu/people/dyao/sacmat2004.ppt.
- Role-Based Access Control (RBAC) Role Engineering Process,
Version 3.0, developed for The Healthcare RBAC Task Force
by SAIC, 11 May 2004. Available at http://www.va.gov/RBAC/docs/HealthcareRBACTFRoleEngineeringProcessv3.0.pdf.
- CCOW Healthcare Implementation Using OASIS Standards,
by Ed Coyne, Veterans Health Administration, 28-29 April
2004. VHA Health Information Architecture. Available at http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt.
- Access Control in a Distributed Decentralized Network: An
XML Approach to Network Security using XACML and SAML, by
Paul J. Mazzuca, Dartmouth College TR2004-506, Spring 2004.
Available at ftp://ftp.cs.dartmouth.edu/TR/TR2004-506.pdf
- WSPL: an XACML-based Web Services Policy Language, by
Anne Anderson, Sun Microsystems, Inc., 27 January 2004.
Available at http://research.sun.com/projects/xacml/wspl_intro.pdf.
- Design Document: SweGrid Accounting System Security
Design, by Thomas Sandholm and Olle Mulmo, 22 January
2004. Available at http://www.pdc.kth.se/grid/sgas/docs/SGAS-SEC-DD-0.1.pdf.
- XML Web Services and Security, by Bob Daly. Date
uncertain. Available at http://www.sims.berkeley.edu/~bdaly/cde/security/WebServicesSecurityIS219.html.
- Exploring a Multi-Faceted Framework for SOC: How to
develop secure web-service interactions?, by Kees Leune,
et al., Tilburg University, Infolab, The Netherlands. 2004.
Available at http://www.leune.org/publications/psfiles/ride04_leune.pdf.
- Modeling Delegation of Rights in a simplified XACML with
Haskell, by Frank Siebenlist, Argonne Nat. Labs/Global
Grid Forum, 18 Nov 2003. Available at http://www-unix.mcs.anl.gov/~franks/haskell/XacmlDelegationHaskell0.html.
- An XACML-based Policy Management and Authorization Service
for Globus Resources, by Markus Lorch, Dennis Kafura,
Sumit Shah, Virginia Tech, Fourth International Workshop on
Grid Computing, Phoenix, AZ, 17 Nov 2003. Available at http://csdl.computer.org/comp/proceedings/grid/2003/2026/00/20260208abs.htm.
- The PRIMA System for Privilege Management, Authorization
and Enforcement in Grid Environments, by M. Lorch, et
al., 4th Int. Workshop on Grid Computing - Grid 2003, 17
November 2003. Available at http://zuni.cs.vt.edu/publications/PRIMA-2003.pdf.
- Certificate-based authorization policy in a PKI
environment, by Mary R. Thompson, Abdelilah Essiari,
Srilekha Mudumbai. ACM Transactions on Information and
System Security (TISSEC), Volume 6 Issue 4. November 2003.
Available at dsd.lbl.gov/security/Akenti/Papers/ACMTISSEC.pdf.
- First Experiences Using XACML for Access Control in
Distributed Systems, by Markus Lorch, Seth
Proctor, Rebekah Lepro, Dennis Kafura and Sumit Shah.
Presented at the ACM Workshop on XML Security 31 October
2003, Fairfax, VA, USA. Slides available at http://zuni.cs.vt.edu/publications/xml-security-xacml-experiences-presentation.pdf.
- XML security: Certificate validation service using XKMS
for computational grid, by Namje Park, Kiyoung Moon,
Sungwon Sohn. 31 October 2003. Proceedings of the 2003 ACM
workshop on XML security. Available through http://cftest.acm.org/portal/citation.cfm?id=968577.
- Policy Management for OGSA Applications as Grid Services
(Work in Progress), by Lavanya Ramakrishnan, MCNC-RDI
Research and Development Institute. 8 Oct 2003. Available at http://www-unix.mcs.anl.gov/~keahey/DBGS/DBGS_files/dbgs_papers/ramakrishnan.pdf.
- Access control: An access control framework for business
processes for web services, by Hristo Koshutanski, Fabio
Massacci. 31 October 2003. Proceedings of the 2003 ACM
workshop on XML security.
- Enterprise Privacy Authorization Language (EPAL),
Matthias Schunter, ed., IBM Research Report. 1 October
2003. Available at http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/.
- The Formal Semantics of XACML, by Polar Humenn, Syracuse
University, Oct 2003. Available at http://lists.oasis-open.org/archives/xacml/200310/pdf00000.pdf.
- ebxmlrr 2.1-final1 open source freebXML Registry, 16 September
2003. Available at http://www.freebxml.org/ebxmlrr_final.htm.
- Virtual enterprise access control requirements, by
M. Coetzee, J. H. P. Eloff. September 2003. Proceedings of
the 2003 annual research conference of the South African
institute of computer scientists and information
technologists on Enablement through technology. Available
- Web Services Security, by
Mark O'Neill with Phillip Hallam-Baker, Sean Mac Cann, Mike
Shema, Ed Simon, Paul A. Watters and Andrew White, Pages:
312, Publisher: McGraw-Hill Professional, ISBN: 0072224711.
Contains a chapter on XACML. Review available at http://www.net-security.org/review.php?id=89.
- XACML J2SE[TM] Platform Policy Profile, by Anne
Anderson, Sun Microsystems, Inc. 21 July 2003. Available at
- XACML: a new standard protects content in the enterprise data
exchange, XMLMania, 7 July 2003. Available at http://www.xmlmania.com/documents_article_8.php.
- An Introduction to XACML, by Michael Armstrong, SANS
Institute, 29 June 2003. Available at http://www.giac.org/practical/GSEC/Michael_Armstrong_GSEC.pdf.
- XACML: A New Standard Protects Content in Enterprise Data
Exchange, Java.Sun.Com technical article, 24 June 2003.
Available at http://java.sun.com/developer/technicalArticles/Security/xacml/xacml.html.
- XACML, Quickstudy by Russell Kay, Computerworld, 19
May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81295,00.html.
- Sun XACML 1.0 Implementation Provides Attribute Management
Techniques, Paragon Pinnacles, 19 May 2003, Article#9821,
Volume 63, Issue 3. Available at http://newsletter.paragon-systems.com/articles/63/3/feature/9821.
- An XACML Glossary, by Russell Kay, Computerworld, 19 May
2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81294,00.html.
- Securing Web Services for Use as Enterprise-Class Business
Systems, an AmberPoint Whitepaper, May 2003. Available
- Digital rights management and fair use by design: Fair
use, DRM, and trusted computing, by John S. Erickson.
April 2003. Communications of the ACM, Volume 46 Issue 4.
Available through portal.acm.org/citation.cfm?id=641205.641226.
- Multimedia and visualization: Self-manifestation of
composite multimedia objects to satisfy security
constraints, by Vijayalakshmi Atluri, Nabil Adam, Ahmed
Gomaa, Igg Adiwijaya. March 2003. Proceedings of the 2003
ACM symposium on Applied computing. Available at http://cftest.acm.org/portal/citation.cfm?id=952715.
- XACML -- A No-Nonsense Developer's Guide, by Vance
McCarthy, Enterprise Developer News, 24 Feb 2003.
Available at http://www.idevnews.com/TipsTricks.asp?ID=57.
- XACML Will Help Enterprises In Three Areas, by Ray
Wagner, Gartner, 21 February 2003. Available at http://www3.gartner.com/resources/113300/113307/113307.pdf.
- Getting Started with XML Security: Authorization Rules:
XML Access Control Markup Language (XACML), tutorial,
SitePoint, date uncertain. Available at http://www.sitepoint.com/article/933/8.
- Constrained delegation in XML-based Access Control and
Digital Rights Management Standards, by Guillermo Navarro
(Universitat Autonoma de Barcelona), Babak Sadighi Firozabadi
(Swedish Institute of Computer Science), Erik Rissanen
(Swedish Institute of Computer Science), Joan Borrell
(Universitat Autonoma de Barcelona). Available at http://ccd.uab.es/~guille/var/ny2003.pdf.
- Authorization Center Project (authZ), CMU. 2003. Available
- Designing a distributed access control processor for
network services on the Web, by Reiner Kraft.
Proceedings of the 2002 ACM workshop on XML security.
- Dynamically authorized role-based access control for
secure distributed computation, by C. Joncheng Kuo, Polar
Humenn. November 2002. Proceedings of the 2002 ACM workshop
on XML security.
- Towards securing XML Web services, by Ernesto
Damiani, Sabrina De Capitani di Vimercati, Pierangela
Samarati. November 2002. Proceedings of the 2002 ACM
workshop on XML security.