XACML References and Products, Version 1.83

Version: 1.83
Updated: 07/07/31 (yy/mm/dd)

These lists include publications, standards, products, and specifications that contain substantial information about XACML or make use of XACML in a substantial way. These are listed here solely for the information of parties interested in XACML. By including these links, neither the XACML TC, nor OASIS itself, is endorsing, recommending, or guaranteeing the accuracy of the referenced statements, publications, standards, or products in any way. Neither the XACML TC nor OASIS itself guarantees the completeness or accuracy of the information in this list of references. This list may be modified at any time as further information about these or other publications and products becomes known. Additional submissions for listings and corrections should be sent to xacml-users@lists.oasis-open.org.

Bibliography
Related Standards
Products and Deployments
XACML Attribute Definitions

Bibliography

This bibliography includes papers, articles, presentations, specifications, and other publications that contain substantial information about XACML or make use of XACML in a substantial way.

2007
2006
2005
2004
2003
2002

2007

Extensible Access Control Markup Language (XACML), by Robin Cover, Cover Pages page on XACML. Updated regularly. Available at http://xml.coverpages.org/xacml.html.
Conformance Checking of Access Control Policies Specified in XACML, by Vincent C. Hu, Evan Martin, JeeHyun Hwang, Tao Xie, Proceedings of the 1st IEEE International Workshop on Security in Software Engineering, July 23-27, 2OO7. Available at http://people.engr.ncsu.edu/txie/publications.htm#iwsse07.
WS-XACML: Authorization and Privacy Policies for Web Services, by Anne Anderson, slides presented as part of the OASIS XACML Webinar, 12 July 2007. Available at http://www.oasis-open.org/committees/download.php/24656/WS-XACML-OASIS-Webinar07.pdf.
Towards a Fine-Grained Access Control Model and Mechanisms for Semantic Databases, by Franzoni, Stefano; Mazzoleni, Pietro; Valtolina, Stefano; Bertino, Elisa; IEEE International Conference on Web Services, 2007 (ICWS 2007), 9-13 July 2007. Available at http://ieeexplore.ieee.org/iel5/4279552/4279553/04279698.pdf?tp=&arnumber=4279698&isnumber=4279553.
Access Control for Collaborative Systems: A Web Services Based Approach, by El Kalam, Anas Abou; Deswarte, Yves; Baina, Amine; Kaaniche, Mohamed; IEEE International Conference on Web Services, 2007 (ICWS 2007), 9-13 July 2007. Available at http://ieeexplore.ieee.org/iel5/4279552/4279553/04279707.pdf?tp=&arnumber=4279707&isnumber=4279553.
Companies Demonstrate Interoperability of XACML OASIS Standard, Burton Group's Catalyst Conference, June 28, 2007. Available at http://xml.coverpages.org/XACML-CatalystInterop2007.html.
NETCONF access control profile for XACML, by L. Seitz, E. Rissanen, June 25, 2007. Available at http://xml.coverpages.org/draft-seitz-netconf-xacml-00.txt.
Overriding of Access Control in XACML, by Alqatawna, Ja'far; Rissanen, Erik; Sadighi, Babak; Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007 (POLICY '07), 13-15 June 2007. Available at http://ieeexplore.ieee.org/iel5/4262556/4262557/04262576.pdf?tp=&arnumber=4262576&isnumber=4262557.
XACML-Based Composition Policies for Ambient Networks, by Kamienski, Carlos; Fidalgo, Joseane; Dantas, Ramide; Sadok, Djamel; Ohlman, Borje; Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007 (POLICY '07), 13-15 June 2007. Available at http://ieeexplore.ieee.org/iel5/4262556/4262557/04262575.pdf?tp=&arnumber=4262575&isnumber=4262557.
XACML Function Annotations, by Rao, Prathima; Lin, Dan; Bertino, Elisa; Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007 (POLICY '07), 13-15 June 2007. Available at http://ieeexplore.ieee.org/iel5/4262556/4262557/04262585.pdf?tp=&arnumber=4262585&isnumber=4262557.
Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications, by Demchenko, Yuri; Gommans, Leon; Laat, Cees de; Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007 (POLICY '07), 13-15 June 2007. Available at http://ieeexplore.ieee.org/iel5/4262556/4262557/04262586.pdf?tp=&arnumber=4262586&isnumber=4262557.
Privacy management: Privacy-aware role based access control, by Qun Ni, Alberto Trombetta, Elisa Bertino, Jorge Lobo; Proceedings of the 12th ACM symposium on Access control models and technologies (SACMAT '07), June 2007. Available at http://portal.acm.org/ft_gateway.cfm?id=1266848&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Policy management: An approach to evaluate policy similarity, by Dan Lin, Prathima Rao, Elisa Bertino, Jorge Lobo; Proceedings of the 12th ACM symposium on Access control models and technologies (SACMAT '07), June 2007. Available at http://portal.acm.org/ft_gateway.cfm?id=1266842&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Automated Test Generation for Access Control Policies via Change-Impact Analysis, by Evan Martin, Tao Xie,Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems (SESS 2007), May 2007. Available at http://people.engr.ncsu.edu/txie/publications.htm#sess07.
Access control and trust on the web: Analyzing web access control policies, by Vladimir Kolovski, James Hendler, Bijan Parsia; Proceedings of the 16th international conference on World Wide Web (WWW '07), May 2007. Available at http://portal.acm.org/ft_gateway.cfm?id=1242664&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Testing and Analysis of Access Control Policies, by Martin, Evan; 29th International Conference on Software Engineering - Companion, 2007 (ICSE 2007 Companion), 20-26 May 2007. Available at http://ieeexplore.ieee.org/iel5/4222653/4222654/04222687.pdf?tp=&arnumber=4222687&isnumber=4222654.
Automated deployment and Aggregated access control for SOA composite applications, by Poddar, Indrajit; Goldszmidt, German; 10th IFIP/IEEE International Symposium on Integrated Network Management, 2007 (IM '07), May 21 2007. Available at http://ieeexplore.ieee.org/iel5/4258513/4258514/04258616.pdf?tp=&arnumber=4258616&isnumber=4258514.
A Fault Model and Mutation Testing of Access Control Policies, by Evan Martin, Tao Xie, Proceedings of the 16th International Conference on World Wide Web (WWW 2007), May 2007. Available at http://people.engr.ncsu.edu/txie/publications.htm#www07.
Using SAML and XACML for Complex Authorisation Scenarios in Dynamic Resource Provisioning, by Demchenko, Yuri; Gommans, Leon; de Laat, Cees; The Second International Conference on Availability, Reliability and Security, 2007 (ARES 2007), 10-13 April 2007. Available at http://ieeexplore.ieee.org/iel5/4159773/4159774/04159811.pdf?tp=&arnumber=4159811&isnumber=4159774.
Short papers: Addressing interoperability issues in access control models, by Vishwas Patil, Alessandro Mei, Luigi V. Mancini; Proceedings of the 2nd ACM symposium on Information, computer and communications security (ASIACCS '07), March 2007. Available at http://portal.acm.org/ft_gateway.cfm?id=1229337&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Meta Access Management System (MAMS) Federation Workshop, 3 January 2007. Available at http://www.federation.org.au/twiki/pub/Federation/Federation2ndWorkshop/20060727MAMSFederationworkshop.ppt.
Shibboleth: XACML-ARPs, Scott Cantor, Matthias Ebert, Shibboleth Project, 1 January 2007. Available at https://spaces.internet2.edu/display/SHIB/ShibXACML.
Enabling Web Services Policy Negotiation with Privacy preserved using XACML, by Cheng, V.S.Y.; Hung, P.C.K.; Chiu, D.K.W.; 40th Annual Hawaii International Conference on System Sciences, 2007 (HICSS 2007), Jan. 2007. Available at http://ieeexplore.ieee.org/iel5/4076361/4076362/04076434.pdf?tp=&arnumber=4076434&isnumber=4076362.
Comparing approaches for advanced e-health security infrastructures, by B. Blobel; International Journal of Medical Informatics, Volume 76, Issue 5-6, Pages 454-459. Available at http://linkinghub.elsevier.com/retrieve/pii/S1386505606002176.
Modelling privilege management and access control, by B. Blobel, R. Nordberg, J. Davis, P. Pharow; International Journal of Medical Informatics, Volume 75, Issue 8, Pages 597-623. Available at http://linkinghub.elsevier.com/retrieve/pii/S1386505605001747.

2006

Defining and Measuring Policy Coverage in Testing Access Control Policies, by Evan Martin, Tao Xie, Ting Yu, Proceedings of the 8th International Conference on Information and Communications Security (ICICS 2006), Dec 2006. Available at http://people.engr.ncsu.edu/txie/publications.htm#icics06.
A Synchronous Multimedia Annotation System for Secure Collaboratories, by Schroeter, R.; Hunter, J.; Guerin, J.; Khan, I.; Henderson, M.; e-Science and Grid Computing, 2006. e-Science '06. Second IEEE International Conference on Dec. 2006 Page(s):41 - 41. Available at http://ieeexplore.ieee.org/iel5/4030972/4030973/04031014.pdf?tp=&arnumber=4031014&isnumber=4030973.
Domain Based Access Control Model for Distributed Collaborative Applications, by Demchenko, Y.; de Laat, C.; Gommans, L.; van Buuren, R.; e-Science and Grid Computing, 2006. e-Science '06. Second IEEE International Conference on Dec. 2006 Page(s):24 - 24. Available at http://ieeexplore.ieee.org/iel5/4030972/4030973/04030997.pdf?tp=&arnumber=4030997&isnumber=4030973.
Implementation Experiences On IHE XUA and BPPC, by Namli, T., Dogac A., SR&DC Technical Report#2006-14, December 2006, Middle East Technical University, Turkey. Available at http://www.srdc.metu.edu.tr/webpage/publications/2006/XUA-BPPC.pdf.
Using Attribute-Based Access Control to Enable Attribute-Based Messaging, by Bobba, R.; Fatemieh, O.; Khan, F.; Gunter, C.A.; Khurana, H.; 22nd Annual Computer Security Applications Conference, 2006 (ACSAC '06), Dec. 2006. Available at http://ieeexplore.ieee.org/iel5/4041138/4041139/04041185.pdf?tp=&arnumber=4041185&isnumber=4041139.
An Attribute-Based Access Control Model for Web Services, by Shen Hai-bo; Hong Fan; Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies, 2006 (PDCAT '06), Dec. 2006. Available at http://ieeexplore.ieee.org/iel5/4032130/4032131/04032153.pdf?tp=&arnumber=4032153&isnumber=4032131.
Providing secure coordinated access to grid services, by David W. Chadwick, Linying Su, Romain Laborde; Proceedings of the 4th international workshop on Middleware for grid computing (MCG '06), November 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1186677&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Towards Secure Information Sharing and Management in Grid Environments, by Jin, Jing; Ahn, Gail-Joon; International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2006 (CollaborateCom 2006), 17-20 Nov. 2006. Available at http://ieeexplore.ieee.org/iel5/4207500/4207501/04207564.pdf?tp=&arnumber=4207564&isnumber=4207501.
Role-based access control for data service integration, by Peter Lamb, Robert Power, Gavin Walker, Michael Compton, Proceedings of the 3rd ACM workshop on Secure web services SWS '06, November 2006. Available at http://portal.acm.org/citation.cfm?id=1180371.
Access Control and Authorization for Security of RFID Multi-Domain Using SAML and XACML, by Dong Seong Kim; Taek-Hyun Shin; Jong Sou Park; 2006 International Conference on Computational Intelligence and Security, Volume 2, 3-6 Nov. 2006. Available at http://ieeexplore.ieee.org/iel5/4072023/4076086/04076236.pdf?tp=&arnumber=4076236&isnumber=4076086.
Agent-Based Delegation Model for the Secure Web Service in Ubiquitous Computing Environments, by Hyun Sik Hwang; Hyuk Jin Ko; Kyu Il Kim; Ung Mo Kim; Dong Soon Park; Hybrid Information Technology, 2006. ICHIT '06. Vol1. International Conference on Volume 1, Nov. 2006 Page(s):51 - 57. Available at http://ieeexplore.ieee.org/iel5/4021046/4021047/04021066.pdf?tp=&arnumber=4021066&isnumber=4021047.
XACML and Authentication Levels, by Anne Anderson, ENISA Workshop on a common European language to identify security levels of authentication methods, 29 November 2006. Available at http://www.enisa.eu.int/doc/pdf/other/auth%5Fws/XACML-and-Authentication.pdf.
An extended RBAC profile of XACML, by Diala Abi Haidar, Nora Cuppens-Boulahia, Frederic Cuppens, Herve Debar, Proceedings of the 3rd ACM workshop on Secure web services SWS '06, November 2006. Available at http://portal.acm.org/citation.cfm?id=1180372.
A comparison of two privacy policy languages: EPAL and XACML, by Anne H. Anderson, Proceedings of the 3rd ACM workshop on Secure web services SWS '06, November 2006. Available at http://portal.acm.org/citation.cfm?id=1180378.
Schema-Driven Security Filter Generation For Distributed Data Integration, by Hui Dong; Zhimin Wang; Morris, R.A.; Sellers, D.; 1st IEEE Workshop on Hot Topics in Web Systems and Technologies, 2006 (HOTWEB '06), 13-14 Nov. 2006. Available at http://ieeexplore.ieee.org/iel5/4178372/4178373/04178387.pdf?tp=&arnumber=4178387&isnumber=4178373.
Agent-Based Delegation Model for the Secure Web Service in Ubiquitous Computing Environments, by Hyun Sik Hwang; Hyuk Jin Ko; Kyu Il Kim; Ung Mo Kim; Dong Soon Park; International Conference on Hybrid Information Technology, 2006 (ICHIT '06), Volume 1, Nov. 2006. Available at http://ieeexplore.ieee.org/iel5/4021046/4021047/04021066.pdf?tp=&arnumber=4021066&isnumber=4021047.
A Unified Access Control Infrastructure Using Attributes and Ontology in E-Learning Resource Grids, by Changqin Huang; Yonghe Wu; Zhanjie Wu; Zhiting Zhu; 2006 International Conference on Computational Intelligence and Security, Volume 2, 3-6 Nov. 2006. Available at http://ieeexplore.ieee.org/iel5/4072023/4076086/04076212.pdf?tp=&arnumber=4076212&isnumber=4076086.
Workshop Report: W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, W3C, 17-18 October 2006. Available at http://www.w3.org/2006/07/privacy-ws/report.
XACML-Based Privacy Policy Languages, by Anne Anderson; Sun Position Paper, W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, W3C, 17-18 October 2006. Available at http://www.w3.org/2006/07/privacy-ws/presentations/17-anderson-position.pdf.
Automated test generation for access control policies, by Evan Martin, Companion to the 21st ACM SIGPLAN conference on Object-oriented programming languages, systems, and applications (OOPSLA '06), October 2006. Available at http://portal.acm.org/citation.cfm?id=1176708.
Phosphorus Work Package 4: Authentication, Authorization and Accounting, by L. Gommans, M. Cristea, Y. Demchenko, Univ. of Amsterdam, 16 October 2006. Available at http://staff.science.uva.nl/~lgommans/pdf/poznankickoff.pdf.
Composing Administrative Scope of Delegation Policies based on extended XACML, by Xiao Feng Li, Feng Deng Guo; 10th IEEE International Enterprise Distributed Object Computing Conference, October 2006(EDOC '06). Available at http://ieeexplore.ieee.org/iel5/4031176/4031177/04031242.pdf?isnumber=4031177&arnumber=4031242.
Security policies analysis using Pellet, by Victor Rodriguez-Herola, 3 October 2006. Available at http://lists.mindswap.org/pipermail/pellet-users/2006-October/000956.html.
Flexible and Secure Logging of Grid Data Access, by Weide Zhang; Del Vecchio, D.; Wasson, G.; Humphrey, M.; 7th IEEE/ACM International Conference on Grid Computing, 28-29 Sept. 2006. Available at http://ieeexplore.ieee.org/iel5/4100428/4100429/04100458.pdf?tp=&arnumber=4100458&isnumber=4100429.
Tutorial 6: International Conference on Security in SOA and Web Services Web Services, 2006 (ICWS '06), Dept. of Comput. Sci., Purdue Univ., Sept. 2006. Available at http://ieeexplore.ieee.org/iel5/4031979/4031980/04032005.pdf?tp=&arnumber=4032005&isnumber=4031980.
Dynamic Regeneration of Workflow Specification with Access Control Requirements in MANET, by Fung, C.K.; Hung, P.C.K.; Kearns, W.M.; Uczekaj, S.A.; International Conference on Web Services, 2006 (ICWS '06), Sept. 2006. Available at http://ieeexplore.ieee.org/iel5/4031979/4031980/04032092.pdf?tp=&arnumber=4032092&isnumber=4031980.
Dynamic Regeneration of Workflow Specification with Access Control Requirements in MANET, by Fung, C.K.; Hung, P.C.K.; Kearns, W.M.; Uczekaj, S.A.; Web Services, 2006. ICWS '06. International Conference on Sept. 2006 Page(s):761 - 769. Available at http://ieeexplore.ieee.org/iel5/4031979/4031980/04032092.pdf?tp=&arnumber=4032092&isnumber=4031980.
gLite Java Authorisation Framework (gJAF) and Authorisation Policy coordination, by Yuri Demchenko, MWSG meeting, EGEE'06 Conference, 27 September 2006. Available at http://staff.science.uva.nl/~demch/presentations/EGEE06-mwsg-gjaf-yd.pdf.
Using attribute-based access control to enable attribute-based messaging, by Fariba Mahboobe Khan, Master's thesis UIUC, 19 September 2006. Available at http://seclab.cs.uiuc.edu/pubs/KhanMSThesis.pdf.
Assessment of Access Control Systems, by Vincent C. Hu, David F. Ferraiolo, D. Rick Kuhn, September 2006, Interagency Report 7316, Computer Security Division, Information Technology Laboratory, NIST. Available at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf.
Model driven development of secure XML databases, by Belén Vela, Eduardo Fernández-Medina, Esperanza Marcos, Mario Piattini, ACM SIGMOD Record, Volume 35 Issue 3, September 2006. Available at http://portal.acm.org/citation.cfm?id=1168095.
Using Workflow for Dynamic Security Context Management in Grid-based Applications, by Demchenko, Y.; Gommans, L.; de Laat, C.; Taal, A.; Wan, A.; Mulmo, O.; 7th IEEE/ACM International Conference on Grid Computing, 28-29 Sept. 2006. Available at http://ieeexplore.ieee.org/iel5/4100428/4100429/04100457.pdf?tp=&arnumber=4100457&isnumber=4100429.
Security and Authorization Issues in HL7 Electronic Health Records: A Semantic Web Services Based Approach, by Richard Scott Patterson, Masters Thesis, Univ. of Georgia, U.S.A., 31 August 2006. Available at http://lsdis.cs.uga.edu/~rsp/patterson_richard_s_200612.pdf.
A platform for dynamic spectrum access network experimentation, by L. E. Doyle, K. Nolan, T. K. Forde, P. Argryoudis, P. Sutton, D. Sarath, G. Baldwin, M. Ammann; Proceedings of the first international workshop on Technology and policy for accessing spectrum (TAPAS '06), August 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1234394&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Medical Data Privacy and Security, by Alfred C. Weaver, 28-29 MS-HUG Tech Forum 2006, August 2006. Available at http://www.mshug.org/docs/techforum_fall2006/alfredWeaver.pdf.
A Service-Oriented Approach to Enforce Grid Resource Allocations, by T. Sandholm, P. Gardfjall, E. Elmroth, O. Mulmo, L. Johnsson, International Journal of Cooperative Information Systems, Vol. 15, No. 3 (2006) 439-459, 7 August 2006. Available at http://www.cs.umu.se/~elmroth/papers/SGASIJCIS_2006.pdf.
XACML and WS-Trust, by Mark O'Neill, Vordel, 21 August 2006; Document ID doi:10.1016/j.istr.2005.02.002. Available at http://dx.doi.org.
Signet and XACML, Signet Working Group, Internet2, 18 August 2006. Available at http://middleware.internet2.edu/signet/minutes/Signet-18-August-2006.html.
A Multipolicy Authorization Framework for Grid Security, by Bo Lang; Foster, I.; Siebenlist, F.; Ananthakrishnan, R.; Freeman, T.; Network Computing and Applications, 2006. NCA 2006. Fifth IEEE International Symposium on 24-26 July 2006 Page(s):269 - 272. Available at http://ieeexplore.ieee.org/iel5/11018/34749/01659506.pdf?tp=&arnumber=1659506&isnumber=34749.
An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench, by Carolyn A. Brodie, Clare-Marie Karat, John Karat, Proceedings of the second symposium on Usable privacy and security SOUPS '06, July 2006. Available at http://portal.acm.org/citation.cfm?id=1143123.
Authorisation Using Attributes from Multiple Authorities, by Chadwick, D.W.; 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2006 (WETICE '06), June 2006. Available at http://ieeexplore.ieee.org/iel5/4092163/4092164/04092231.pdf?tp=&arnumber=4092231&isnumber=4092164.
OASIS eXtensible Access Control Markup Language (XACML), by Anne Anderson, presentation to XML Community of Practice, Architecture and Infrastructure Committee of the CIO Council, Emerging Technology Subcommittee, XML.gov, 21 June 2006. Available at http://www.sunlabs.com/projects/xacml/XMLCOP_060620_slides.pdf.
Policy-based Service Provisioning and Dynamic Trust Management in Identity Federations, by Boursas, L.; Hommel, W.; Communications, 2006 IEEE International Conference on Volume 5, June 2006 Page(s):2370 - 2375. Available at http://ieeexplore.ieee.org/iel5/4024074/4024439/04024519.pdf?tp=&arnumber=4024519&isnumber=4024439.
Using XACML Documents to Secure WebLogic Resources, BEA, 28 June 2006. Available at http://e-docs.bea.com/wls/docs92/secwlres/xacmlusing.html.
Privacy preserving trust authorization framework using XACML, by U.M. Mbanaso, G.S. Cooper, D.W. Chadwick, and S. Proctor; in International Symposium on a World of Wireless, Mobile and Multimedia Networks, 26-29 June 2006 (WoWMoM 2006). Available at http://portal.acm.org/ft_gateway.cfm?id=1139481&type=pdf&coll=ACM&dl=ACM&CFID=15151515&CFTOKEN=6184618.
Using Workflow for Dynamic Security Context Management in Complex Resource Provisioning, by Yuri Demchenko, Leon Gommans, Cees de Laat, Arie Taal, Alfred Wan, June 19-23 2006, HPDC2006 - 15th IEEE HPDC Conference. Available at http://staff.science.uva.nl/~lgommans/pdf/hpdc2006-workflow-dynamic-security-context-01.pdf.
The secondary and approximate authorization model and its application to Bell-LaPadula policies, by Jason Crampton, Wing Leung, Konstantin Beznosov, Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT '06, 7-9 June 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1133075&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
A usage-based authorization framework for collaborative computing systems, by Xinwen Zhang, Masayuki Nakae, Michael J. Covington, Ravi Sandhu, Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT '06, 7-9 June 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1133084&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
Role-based access management for ad-hoc collaborative sharing, by Jing Jin, Gail-Joon Ahn, Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT '06, 7-9 June 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1133086&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
Towards reasonability properties for access-control policy languages, by Michael Carl Tschantz, Shriram Krishnamurthi, Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT '06, 7-9 June 2006. Available at http://www.cs.brown.edu/~sk/Publications/Papers/Published/tk-reasonability-ac-pol/.
XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!, by P. Mazzoleni, E. Bertino, B. Crispo, Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT '06, 7-9 June 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1133089&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
Coordination between Distributed PDPs, by D. Chadwick, L. Su, O. Otenko, R. Laborde, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://doi.ieeecomputersociety.org/10.1109/POLICY.2006.14.
A Scalable History-based Policy Engine, by Gama, P.; Ribeiro, C.; Ferreira, P.. Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://ieeexplore.ieee.org/iel5/10867/34209/01631162.pdf?isnumber=34209&prod=CNF&arnumber=1631162&arSt=+10+pp.&ared=&arAuthor=Gama%2C+P.%3B+Ribeiro%2C+C.%3B+Ferreira%2C+P.
Self-Describing Delegation Networks for the Web, by Lalana Kagal, Tim Berners-Lee, Dan Connolly, Daniel Weitzner, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/policy/2006/2598/00/2598toc.xml&DOI=10.1109/POLICY.2006.29. TBD
PBMAN: A Policy-based Management Framework for Ambient Networks, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://ieeexplore.ieee.org/iel5/10867/34209/01631158.pdf?isnumber=34209&prod=CNF&arnumber=1631158&arSt=+4+pp.&ared=&arAuthor=Kamienski%2C+C.%3B+Fidalgo%2C+J.%3B+Sadok%2C+D.%3B+Lima%2C+J.%3B+Pereira%2C+L.%3B+Ohlman%2C+B.
Inferring Access-Control Policy Properties via Machine Learning, by Evan Martin and Tao Xie, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://www.csc.ncsu.edu/faculty/xie/publications.htm#policy06.
Domain-Independent, Composable Web Services Policy Assertions, by Anne Anderson, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://research.sun.com/projects/xacml.
A Basis for Comparing Characteristics of Policy Systems, by Seraphin Calo, Jorge Lobo, Proceedings of the 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, June 5-7 2006. Available at http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/policy/2006/2598/00/2598toc.xml.
Policies in the Alphabet Soup, by Anne Anderson, keynote talk at 7th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2006), London, Ontario Canada, 5 June 2006 2006. Available at http://research.sun.com/projects/xacml.
An Authorization Scenario for S-OGSA, by Pinar Alper, Oscar Corcho, Michael Parkin, Ioannis Kotsiopoulos, Paolo Missier, Sean Bechhofer, Carole Goble, Demo at 3rd European Semantic Web Conference 2006 (ESWC2006), 11-14 June 2006. Available at http://www.eswc2006.org/demo-papers/FD09-Alper.pdf.
Policy-Based Integration of User and Provider-Sided Identity Management, by Wolfgang Hommel, ETRICS 2006, June 6-9, 2006, Spring-Verlag LNCS 2006, pp. 160-174, 2006. Available at http://www.lrz-muenchen.de/~hommel/papers/etrics2006.pdf.
Web services policies, by A. Anderson, IEEE Security & Privacy Magazine, Volume 4, Issue 3, May-June 2006, Pages:84-87. Available at http://ieeexplore.ieee.org/iel5/8013/34312/01637390.pdf?tp=&arnumber=1637390&isnumber=34312.
Security Mechanisms for Data Intensive Systems, by P. Periorellis, J. Wu, P. Watson, Online Proceedings of the IEEE Web Services Security Symposium (WSSS), 21 May 2006. Available at .
Policy Based Access Control in Dynamic Grid-Based Collaboratie Environment, by Yuri Demchenko, Leon Gommans, Cees de Laat, Andrew Tokmakoff, Rene van Buren, submitted to 2006 International Symposium on Collaborative Technologies and Systems (CTS 2006), 14-16 May 2006. Available at http://staff.science.uva.nl/~lgommans/pdf/cts2006-oce-dynamic-access-control-05.pdf.
Browsers and UI, web engineering, hypermedia & multimedia, security, and accessibility: Mobile web publishing and surfing based on environmental sensing data, by Daisuke Morikawa, Masaru Honjo, Satoshi Nishiyama, Masayoshi Ohashi, Proceedings of the 15th international conference on World Wide Web WWW '06, May 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1135982&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
Correctness & security: Access control enforcement for conversation-based web services, by Massimo Mecella, Mourad Ouzzani, Federica Paci, Elisa Bertino, Proceedings of the 15th international conference on World Wide Web WWW '06, May 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1135818&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802
XACML-Based Policy-Driven Access Control for Mobile Environments, by Qing, X.; Adams, C.; Canadian Conference on Electrical and Computer Engineering, May 2006. Available at http://ieeexplore.ieee.org/iel5/4054516/4054517/04054637.pdf?tp=&arnumber=4054637&isnumber=4054517.
Ontologies and web services: Agents for e-business applications, by A. Negri, A. Poggi, M. Tomaiuolo, P. Turci; Proceedings of the fifth international joint conference on Autonomous agents and multiagent systems (AAMAS '06), May 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1160795&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
SAML and XACML Overview, by Abbie Barbir, ITU-T COM17 Studygroup Tutorial, 25 April 2006. Available at http://www.itu.int/ITU-T/studygroups/com17/tutorials/tutorial_2006_04_25_barbir.pdf.
Evaluating interfaces for privacy policy rule authoring, by Clare-Marie Karat, John Karat, Carolyn Brodie, Jinjuan Feng, Proceedings of the SIGCHI conference on Human Factors in computing systems CHI '06, April 22-27, 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1124787&type=pdf&coll=ACM&dl=ACM&CFID=425981&CFTOKEN=90967802.
Supporting attribute-based access control with ontologies, by Priebe, T.; Dobmeier, W.; Kamprath, N.; Availability, Reliability and Security, 2006 (ARES 2006). The First International Conference on 20-22 April 2006. Available at http://ieeexplore.ieee.org/iel5/10823/34117/01625344.pdf?tp=&arnumber=1625344&isnumber=34117.
Unlocking repositories: federated security solution for attribute and policy based access to repositories via Web services, by Hatala, M.; Eap, T.; Ashok Shah; The First International Conference on Availability, Reliability and Security, 2006 (ARES 2006), 20-22 April 2006. Available at http://ieeexplore.ieee.org/iel5/10823/34117/01625402.pdf?tp=&arnumber=1625402&isnumber=34117.
Modeling permissions in a (U/X)ML world, by Alam, M.; Breu, R.; Hafner, M.; Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on 20-22 April 2006 Page(s):8 pp. Available at http://ieeexplore.ieee.org/iel5/10823/34117/01625374.pdf?tp=&arnumber=1625374&isnumber=34117.
A reference model for Authentication and Authorisation Infrastructures respecting privacy and flexibility in b2c eCommerce, by Schlager, C.; Nowey, T.; Montenegro, J.A.; Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on 20-22 April 2006 Page(s):8 pp. Available at http://ieeexplore.ieee.org/iel5/10823/34117/01625377.pdf?tp=&arnumber=1625377&isnumber=34117.
XACML Policy Model, by Hal Lockhart, OASIS TC List Posting, 6 Apr 2006. Available at http://xml.coverpages.org/XACML-PolicyModel.html.
Securing web services for deployment in health grids, by D.J. Power, E.A. Politou, M.A. Slaymaker, A.C. Simpson, Future Generation Computer Systems, Volume 22, Issue 5, April 2006, pp. 547-570., Elsevier Science Direct, doi:10.1016/j.future.2005.09.003
Java EE .NET Security Interoperability, by Marina Fisher, 20 April 2006, from "Java EE and .NET Interoperability: Integration Strategies, Patterns, and Best Practices", Prentice Hall. Available at http://www.theserverside.net/tt/articles/content/EENETSecurity/Fisher_13.pdf.
Applying Model Driven Architectural Approaches to Model Role Based Access Control, by X. Jin, Masters Thesis, University of Ottawa, Ottawa, Ontario, Canada., spring 2006. Available at http://www.site.uottawa.ca/~luigi/theses/99_theses_index.htm.
XACML Policy Model, by Anne Anderson, OASIS TC List Posting, 9 Mar 2006. Available at http://lists.oasis-open.org/archives/xacml/200603/msg00007.html.
The TrustCoM Framework for trust, security and contract management of web services and the Grid - V2, edited by Michael Wilson, Alvaro Arenas and Lutz Schubert, March 2006, Council for the Central Laboratory of the Research Councils, Rutherford Appleton Laboratory, Oxfordshire, UK. Available at http://epubs.cclrc.ac.uk/bitstream/901/RAL_Tech_Rep_Trustcom_Framework.pdf.
Domain-Independent Policy Assertion Language, discussion list at OASIS, 2 December 2005 - 28 February 2006. Archives available at http://lists.oasis-open.org/archives/dipal-discuss/.
XACML: The New Standard for Access Control Policy, by Hal Lockhart, RSA Conference 2006, 17 Feb 2006. Available at http://lists.oasis-open.org/archives/xacml/200604/msg00001.html.
Functional Elements Specification, Tan Puay Siew, editor, OASIS Framework for Web Services Implementation TC Committee Draft 2.0, 5 January 2006. Available at http://docs.oasis-open.org/fwsi/v2.0/fwsi-fe-2.0-guidelines-spec-cd-01a.htm.
Privilege Management Infrastructure, ASTM E31.20 Working Draft 0.9k, January 4, 2006. Possibly available to reviewers from: David Staggs.
A method for access authorisation through delegation networks, by Audun Jøsang, Dieter Gollmann, Richard Au, Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54 ACSW Frontiers '06, January 2006. Available at http://portal.acm.org/citation.cfm?id=1151848.
A method for access authorisation through delegation networks, by Audun Jøsang, Dieter Gollmann, Richard Au; Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54 (ACSW Frontiers '06), January 2006. Available at http://portal.acm.org/ft_gateway.cfm?id=1151848&type=pdf&coll=portal&dl=ACM&CFID=25486648&CFTOKEN=53310702.
Conceptual Design of Identity Management in a profile-based access control, by Asem Hassan, 2006 master's thesis at Hamburg University of Technology. Available at http://www.linecity.de/archive/thesis_saml.pdf.
Overriding Of Access Control in XACML, by Ja`far S. Al-Qatawna, No 2006-x-412 2006 master's thesis at Swedish Institute of Computer Science. Available at http://www.dsv.su.se/research/seclab/pages/msckththeses-en.html.
Access Control System for Web-based Applications, by Yakub Gevcen, No 2004-x-193 2006 master's thesis at Swedish Institute of Computer Science. Available at http://www.dsv.su.se/research/seclab/pages/msckththeses-en.html.
A Security Architecture For Authorization Across Federated Domains, by Mattias Avelin, No 2004-x-192 2006 master's thesis at Swedish Institute of Computer Science. Available at http://www.dsv.su.se/research/seclab/pages/msckththeses-en.html.

2005

Access Control Policies: Modeling and Validation, by Mankai, M., Logrippo, L., Proceedings of NOTERE 2005, August 2005. Available at http://www.site.uottawa.ca/~luigi/papers/05_logrippo_mankai.pdf.
Offline Expansion of XACML Policies Based on P3P Metadata, by Claudio Agostino Ardagna, Ernesto Damiani, Sabrina De Capitani di Vimercati, Cristiano Fugazza, Pierangela Samarati, 5th International Conference on Web Engineering (ICWE 2005), July 27-29, 2005, Lecture Notes in Computer Science 3579 Springer 2005, ISBN 3-540-27996-2, pp. 363-374 DOI: http://dx.doi.org/10.1007/11531371_48.
Modelling inter-organizational workflow security in a peer-to-peer environment, by M. Breu, R. Breu, M. Hafner, A. Nowak, Proceedings of the IEEE International Conference on Web Services (ICWS'05), IEEE, 2005. Available at http://doi.ieeecomputersociety.org/10.1109/ICWS.2005.83. DOI: 10.1109/ICWS.2005.83
PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness, by S. Sinclair, S. W. Smith, 5-9 December 2005, 21st Annual Computer Security Applications Conference. Available: http://ieeexplore.ieee.org/iel5/10467/33214/01565269.pdf?tp=&arnumber=1565269&isnumber=33214.
Integrating security policies via Container Portable Interceptors, by Tom Ritter, Rudolf Schreiner, Ulrich Lang, November 28-December 2, 2005, Proceedings of the 4th workshop on Reflective and adaptive middleware systems. Available: http://portal.acm.org/citation.cfm?id=1101521&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
Policy Administration Control and Delegation Using XACML and Delegent, by L. Seitz, E. Rissanen, T. Sandholm, B. S. Firozabadi, O. Mulmo, 13-14 November 2005,The 6th IEEE/ACM International Workshop on Grid Computing. Available: http://ieeexplore.ieee.org/iel5/10354/32950/01542723.pdf?tp=&arnumber=1542723&isnumber=32950.
Authorization and Account Management in the Open Science Grid, by G. Carcassi, I. Fisk, T. Freeman, D. Kafura, K. Keahey, M. Lorch, T. Peremutov, A.S. Rana, 13-14 November 2005, The 6th IEEE/ACM International Workshop on Grid Computing. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=32950&arnumber=1542719&count=50&index=2.
Ad Hoc Grid Security Infrastructure, by K. Amin, M. Hategan, A.R. Mikler, M. Sosonkin, G. von Laszewski, 13-14 November 2005, The 6th IEEE/ACM International Workshop on Grid Computing. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1542726.
Policy-Based Access Control in Peer-to-Peer Grid Systems, by M.P. Barcellos, A. Detsch, L.P. Gaspary, J.F. da Silva, 13-14 November 2005, The 6th IEEE/ACM International Workshop on Grid Computing. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1542731. DOI: 10.1109/GRID.2005.1542731
Web services: Web services enterprise security architecture: a case study, by Carlos Gutiérrez, Eduardo Fernández-Medina, Mario Piattini, 11 November 2005, Proceedings of the 2005 Workshop on Secure Web Services. Available: http://portal.acm.org/citation.cfm?id=1103025&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
Reasoning about XACML policies using CSP, by Jery Bryans, 11 November 2005, Proceedings of the 2005 Workshop on Secure Web Services. Available (TechReport version): http://www.dirc.org.uk/publications/techreports/papers/21.pdf.
Authorization for digital rights management in the geospatial domain, by Andreas Matheus, 7 November 2005, Proceedings of the 5th ACM workshop on Digital rights management. Available: http://portal.acm.org/citation.cfm?id=1102546.1102557. Slides: http://www.titr.uow.edu.au/DRM2005/presentations/drm05-matheus.pdf.
Semantic Policy-based Security Framework for Business Processes, by Dong Huang, 7 November 2005, Semantic Web and Policy Workshop, 4th International Semantic Web Conference. Available: http://www.csee.umbc.edu/swpw/papers/huang.pdf.
Finding expertise and information: Real-world oriented information sharing using social networks, Junichiro Mori, Tatsuhiko Sugiyama, Yutaka Matsuo, 6-9 November 2005, Proceedings of the 2005 international ACM SIGGROUP conference on Supporting group work GROUP '05. Available: http://portal.acm.org/citation.cfm?id=1099215&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
WS-PolicyConstraints: A Domain-Independent Web Services Policy Assertion Language, by Anne Anderson, 3 November 2005. Available at http://research.sun.com/projects/xacml/IntroToWSPolicyConstraints.pdf.
XACML: Access Control, Under Control, Sun Microsystems Laboratories, 1 November 2005. Available at http://research.sun.com/spotlight/2005_11_01-XACML.html.
XACML-Based Web Services Policy Constraint Language (WS-PolicyConstraints), by Anne Anderson and Balasubramanian Devaraj, Working Draft 06, 24 October 2005. Available at http://research.sun.com/projects/xacml/ws-policy-constraints-current.pdf.
Open Standards for Building Federations, by Dr. Erik Vullings, Meta Access Management System (MAMS), Macquarie E-Learning Centre of Excellence (MELCOE), Macquarie University, 22 October 2005. Available at https://mams.melcoe.mq.edu.au/zope/mams/events/OASIS_20041022/20041022%20-%20Open%20standards%20for%20Federation.ppt/view.
Access-Control Policy Administration in XACML, by Erik Rissanen, Babak Sadighi Firozabadi, 13 October 2005, CRCIM News No. 63. Available at http://fmt.isti.cnr.it/WEBPAPER/p38-39.pdf.
Access Control Policy Administration in XACML, by Erik Rissanen and Babak Sadighi Firozabadi, SICS, Sweden, ERCIM News No. 63, October 2005. Available at http://www.ercim.org/publication/Ercim_News/enw63/.
Secure Federated Access to Grid Applications using SAML/XACML, by Erik Vullings, Markus Buchhorn, and James Dalziel, APAC2005 conference, Gold Coast, Australia; 28 September 2005. Available at https://mams.melcoe.mq.edu.au/zope/mams/kb/all/20050630%20-%20Secure%20Federated%20Access%20to%20Grid%20Applications%20using%20SAML_XACML%20-%20Vullings-Buchhorn-Dalziel.pdf/view. Slides available at https://mams.melcoe.mq.edu.au/zope/mams/kb/all/Erik_Vullings_FINAL.ppt/view.
A XACML-based access control model for web service, by Han Tao, 23-26 September 2005, International Conference on Wireless Communications, Networking and Mobile Computing. Available: http://ieeexplore.ieee.org/iel5/10362/32965/01544254.pdf?tp=&arnumber=1544254&isnumber=32965.
On XACML, role-based access control and health grids, by David Poser, Mark Slaymaker, Eugene Politou, Andrew Simpson, Oxford Univ. Computing Lab, 22 September 2005, The Fourth UK e-Science All Hands Meeting (AHM 2005). Available at http://www.allhands.org.uk/2005/proceedings/papers/378.pdf
Using XML and XACML to Support Attribute Based Delegation, by Chunxiao Ye and Zhongfu Wu, Chongqing University, The Fifth International Conference on Computer and Information Technology (CIT'05), September 2005, pp. 751-756. Available at http://doi.ieeecomputersociety.org/10.1109/CIT.2005.196.
A Comparison of Two Privacy Policy Languages: EPAL and XACML, by Anne Anderson, Sun Labs Technical Report TR-2005-147, September 2005. Available at http://research.sun.com/techrep/2005/abstract-147.html.
Using XACML for Privacy Control in SAML-Based Identity Federations, by Wolfgang Hommel, 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2005), in Springer LNCS 3677, pp. 160-169, 19-21 September, 2005. Available at http://www.mnm-team.org/pub/Publikationen/homm05a/PDF-Version/homm05a.pdf.
Evaluation of Mutual Trust during Matchmaking, by Mine Altunay, Brown Douglas, Byrd Gregory, Dean Ralph, Fifth IEEE International Conference on Peer-to-Peer Computing, 31 August - 2 September 2005, Page(s):133 - 140. Available at http://www.inf.uni-konstanz.de/p2p2005/papers/Session6_Evaluation_of_Mutual_Trust.pdf.
Patterns for XACML, by Nelly Delessy, Florida Atlantic University, Secure Systems Research Group, 19 July 2005. Available at http://polaris.cse.fau.edu/~security/public/docs/DissertationReport071805.ppt.
UDDI Access Control, Dai, J.; Steele, R., 04-07 July 2005, Information Technology and Applications, 2005. ICITA 2005. Third International Conference on Volume 2, 04-07 July 2005 Page(s):778 - 783. Available at doi.ieeecomputersociety.org/10.1109/ICITA.2005.291.
Usable security and privacy: a case study of developing privacy management tools, by Carolyn Brodie, Clare-Marie Karat, John Karat, Jinjuan Feng, July 2005, Proceedings of the 2005 symposium on Usable privacy and security SOUPS '05. Available at http://cups.cs.cmu.edu/soups/2005/2005proceedings/p35-brodie.pdf.
Bundle Authentication and Authorization Using XML Security in the OSGi Service Platform, by Hee-Young Lim, Young-Gab Kim, Chang-Joo Moon, Doo-Kwan Baik, July 2005, Proceedings of the Fourth Annual ACIS International Conference on Computer and Information Science (ICIS'05) - Volume 00 ICIS '05. Available at http://portal.acm.org/ft_gateway.cfm?id=1091618&type=external&coll=portal&dl=ACM&CFID=58511907&CFTOKEN=97001797.
WS-Security policy profile of WS-PolicyConstraints, by Anne Anderson, Working Draft 03, 28 June 2005. Available at http://research.sun.com/projects/xacml/ws-security-profile-of-ws-policy-constraints-wd-03.pdf.
GeoXACML, a spatial extension to XACML, by Andreas Matheus, 16 June 2005. Available at http://xml.coverpages.org/GeoXACML-05036.pdf.
Policy Federation - The Final Frontier, by Frank Siebenlist, keynote at IEEE 6th International Workshop on Policies for Distributed Systems and Networks (Policy2005), Jun 6-8 2005, Stockholm, Sweden. Available at http://www.mcs.anl.gov/~franks/policy-federation-policy2005.ppt.
An RBAC-based policy information base, by E. Jamhour, R.C. Nabhen, T.E. Squair, IEEE 6th International Workshop on Policies for Distributed Systems and Networks (Policy2005), Jun 6-8 2005, Stockholm, Sweden. Available at http://doi.ieeecomputersociety.org/10.1109/POLICY.2005.2. DOI 10.1109/POLICY.2005.2
DM-AMS: Employing Data Mining Techniques for Alert Management, by Vandana P. Janeja, Vijayalakshmi Atluri, Ahmed Gomaa, Nabil Adam, Christof Bornhoevd, and Tao Lin, Proceedings of the 2005 national conference on Digital government research, June 2005. Available at http://diggov.org/library/library/dgo2005/alert/janeja_dm-ams.pdf.
Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure, by Andreas Matheus, Proceedings of the tenth ACM symposium on Access control models and technologies, June 2005, Stockholm, Sweden. Available at http://portal.acm.org/ft_gateway.cfm?id=1063983&type=pdf.
Predicates for Boolean web service policy languages, by Anne Anderson, WWW 2005 Workshop on Policy Management for the Web, 10 May 2005. Available at http://www.csee.umbc.edu/pm4w/papers/anderson12.pdf, slides at http://www.csee.umbc.edu/pm4w/presentations/anderson.pdf.
XACML and Role-Based Access Control, by Jason Crampton, Royal Holloway, University of London, DIMACS Workshop on Secure Web Services and e-Commerce, 5-6 May 2005, slides at http://dimacs.rutgers.edu/Workshops/Commerce/slides/crampton.pdf.
Change management: Verification and change-impact analysis of access-control policies, Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz; May 2005; Proceedings of the 27th international conference on Software engineering. Available at http://www.cs.brown.edu/~sk/Publications/Papers/Published/fkmt-verif-change-impact-xacml/.
Building Trustworthy Applications: XacT: a bridge between resource management and access control in multi-layered applications, by Maarten Rits, Benjamin De Boe, Andreas Schaad; May 2005; ACM SIGSOFT Software Engineering Notes, Proceedings of the 2005 workshop on Software engineering for secure systems - building trustworthy applications SESS '05, Volume 30 Issue 4. Available at http://portal.acm.org/citation.cfm?id=1083200.1083202.
Authorization-Authentication Using XACML and SAML, by J. Wu, P. Periorellis, CS-TR:907, School of Computing Science, Univ. of Newcastle, UK, May 2005.
A comparison of compression techniques for XML-based security policies in mobile computing environments, by Xuebing Qing, Carlisle Adams, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Using SPML to provision dynamic XACML rules to manage privacy and access control in Web security infrastructure, by Michel Hétu, Anton Stiglic, Claude Vigeant, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Policy verification and change impact analysis, by Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, Michael Carl Tschantz (Brown Univ), Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Administrative policies in XACML, by Erik Rissanen, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
The Globus authorization processing framework The Globus authorization processing framework, by Frank Siebenlist, Takuya Mori, Rachana Ananthakrishnan, Liang Fang, Tim Freeman, Kate Keahey, Sam Meder, Olle Mulmo, Thomas Sandholm, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Approaches to generalization of XACML, by Tim Moses, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Attribute based access control (ABAC): a new access control approach for service oriented architectures, by Eric Yuan, Jin Tong, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Key differences between XACML and EPAL, by Anne Anderson, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Model-driven design and administration of access control in enterprise applications, by Aleksey Studnev, Kathleen Johnson, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
Putting Trust into the Network: Securing Your Network through Trusted Access Control, by Ned Smith (Intel, TCG), Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at http://cserg0.site.uottawa.ca/ncac05/index.html.
A Network Access Control Approach Based on the AAA Architecture and Authorization Attributes, by Lopez, G.; Gomez, A.F.; Marin, R.; Canovas, O.; Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International 04-08 April 2005 Page(s):287a - 287a. Slides available at http://www.cs.uccs.edu/~SNS/talks/SSN05_Spain.ppt.
Notes from the field: Implementing a security solution for Web Services, by Allan MacPhee (Entrust) and Mark O'Neill (Vordel), 14 April 2005. Information Security Technical Report Volume 10, Issue 1 , 2005, Pages 25-32; Elsevier; doi:10.1016/j.istr.2005.02.002.
Using XACML and SAML for Authorisation messaging and assertions: XACML and SAML standards overview and usage examples, by Yuri Demchenko, 28 March, 2005. Available at http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-02.pdf
An Introduction to XACML, by Nurmamat. Helil; 11 March 2005; available at http://www.is.pku.edu.cn/dis/ppt/nur1.pdf.
Using XML based security tickets and tokens, or, SAML demystified, by Yuri Demchenko, AIRG, University of Amsterdam; 17 February 2005. Available at http://www.uazone.org/demch/presentations/tf-emc2-authz-ticktok-2005.pdf.
SAML, XACML & the Terrorism Information Sharing Environment, by Martin Smith of the Department of Homeland Security (DHS), February 16, 2005. Available at http://xml.gov/presentations/dhs/infosharing.htm
Globus Toolkit: Authorization Processing, by Frank Siebenlist, Takuya Mori; session: "XACML and Globus: Authorization Policy Framework Integration in the Globus Toolkit", GlobusWORLD 2005, Feb 7-11 2005, Boston, MA. Available at http://www.mcs.anl.gov/~franks/GW05/GW05-XACMLandGlobus-Demo.ppt.pdf or at http://www.globus.org/toolkit/presentations/GW05-XACMLandGlobus-Demo.ppt.pdf.
Access Control for the Grid: XACML, by Anne Anderson; session: "XACML and Globus: Authorization Policy Framework Integration in the Globus Toolkit", GlobusWORLD 2005, Feb 7-11, Boston, MA. Available at http://www.globusworld.org/2005Slides/Session%201b(2).pdf
Network Testing and Performance using SeRIF, by Charles J. Antonelli, David Richter, Olga Kornievskaia, Nathan Gallaher, MGRID Workshop, Ann Arbor, February 2005. Available at http://www.citi.umich.edu/projects/ntap/ntap3-pres/ntap3-mgrid.pdf.
Security System for Distributed Business Applications, by Thomas Schmidt, Gerald Wippel, Klaus Glanzer, Karl Fuerst, 17 January 2005, International Journal of Web Services Research. Available: http://www.igi-online.com/downloads/pdf/itj2733_1sr1rnqcgr.pdf
Differences between XACML versions 1.0 and 2.0, by Eleanor Joslin (Parthenon Computing Ltd), 7 January 2005. Available at http://blog.parthenoncomputing.com/xacml/archives/2005/01/the_differences.html.
How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML), by A. Matheus, System Science, 2005, HICSS '05. Proceedings of the 38th Annual Hawaii International Conference on 03-06 Jan. 2005 Page(s):168a - 168a. Available at http://csdl.computer.org/comp/proceedings/hicss/2005/2268/07/22680168aabs.htm.
Verification et analyse des politiques de controle d'acces: Application au langage XACML, by Mahdi Mankai, Msc Thesis, Universite du Quebec en Outaouais, janvier 2005. Available at http://cserg0.site.uottawa.ca/ftp/pub/Lotos/Theses/.
CT-T: Explainable Policies for Establishing Trust in Web Applications, by Jeff Bradshaw, Pay Hayes, Kent Seamons, Richard Fikes, Deborah McGuinness, Marianne Winslett, Team Proposal to NSF in response to Cyber Trust (CT) solicitation NSF-05-518. Available at http://www.ihmc.us/users/phayes/NSF/EPfETiWA.pdf
Authorization in Trust Management: Conditional Delegation and Attribute-Based Role Assignment using XACML and RBAC, by Brian Garback, 2005. Available at html://www.cs.virginia.edu/~bjg5x/AuthorizationTalkForAerospace.ppt.

2004

An efficient caching mechanism for XML content adaptation, by A. Kinno, T. Nakayama, H. Yukitomo, Proceedings of the 10th International Multimedia Modelling Conference (MMM'04), IEEE, 2004. Available at http://doi.ieeecomputersociety.org/10.1109/MULMM.2004.1265001.
Web service authorization framework, by S. Probst, T. Ziebermayr, Proceedings of the IEEE International Conference on Web Services, IEEE, 2004. Available at http://doi.ieeecomputersociety.org/10.1109/ICWS.2004.1314789. DOI: 10.1109/ICWS.2004.1314789
Model driven security for Web services (MDS4WS), by M.M. Alam, M. Breu, R. Breu, 8th International Multitopic Conference, 2004. Proceedings of INMIC 2004, IEEE. Available at http://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=32103&isYear=2004&count=134&page=3&ResultStart=75. DOI: 10.1109/INMIC.2004.1492930
A Trusted Information Sharing Project, by Shiu-Kai Chin, Polar Humenn, Thumrongsak Kosiyatrakul, Susan Older, Terrell Northrup, Stuart Thorson, 31 December 2004. Available at http://www.cse.buffalo.edu/caeiae/skm2004/presentation_slides/A-Sessions/1A-01-Chin/1A-01-Chin.pdf
XACML/WSPL, by Thijs van den Berg en Marya Steenman, 16 December 2004. Available at http://www.os3.nl/~mrtn/assignments/XACML.pdf.
Walden: a scalable solution for grid account management, by Kirschner, B.A.; Hacker, T.J.; Adamson, W.A.; Athey, B.D.; Fifth IEEE/ACM International Workshop on Grid Computing, 2004, 8 Nov. 2004. Available at http://doi.ieeecomputersociety.org/10.1109/GRID.2004.66 or http://www.mgrid.umich.edu/projects/walden.pdf.
Meeting central: making distributed meetings more effective, by Nicole Yankelovich, William Walker, Patricia Roberts, Mike Wessler, Jonathan Kaplan, Joe Provino; 6-10 November 2004, Proceedings of the 2004 ACM conference on Computer supported cooperative work 2004, Chicago, Illinois, USA. Available at http://research.sun.com/sunlabsday/docs.2004/CSCW2004-OH.pdf.
Service applications: An OGSA-based accounting system for allocation enforcement across HPC centers, Thomas Sandholm, Peter Gardfjäll, Erik Elmroth, Lennart Johnsson, Olle Mulmo; November 2004; Proceedings of the 2nd international conference on Service oriented computing. Abstract available at http://icsoc.dit.unitn.it/abstracts/A081.pdf. Full paper: http://portal.acm.org/citation.cfm?id=1035167.1035207
XML Security: Control information access with XACML: The objectives, architecture, and basic concepts of eXtensible Access Control Markup Language, by Manish Verma, 18 Oct 2004. Available at http://www-128.ibm.com/developerworks/xml/library/x-xacml/
Privacy protecting data collection in media spaces, by Jehan Wickramasuriya, Mahesh Datt, Sharad Mehrotra, Nalini Venkatasubramanian, 10-16 October, 2004; Proceedings of the 12th annual ACM international conference on Multimedia, 2004, New York, NY, USA. Available at http://www.sigmm.org/apache/video2004/resources/papers/2004/VF_3.pdf. Slides available at http://www.zurich.ibm.com/~mbc/FMSE04/slides/(6)_Nan_Zhang_FMSE04.ppt. Paper: http://portal.acm.org/citation.cfm?id=1029141.
Trust, Access Control, and Rights for Web Services, Part 2, by Sams Publishing, 12 Oct 2004. Available at http://www.devshed.com/c/a/Security/Trust-Access-Control-and-Rights-for-Web-Services-Part-2/4/.
Connecting and Extending Peer-to-Peer Networks LionShare: LionShare White Paper, October 2004. Available at http://lionshare.its.psu.edu/main/info/docspresentation/LionShareWP.pdf.
LionShare: A federated P2P app, by Derek Morr, Fall 2004 Internet2 members meeting. Available at http://lionshare.its.psu.edu/main/info/docspresentation/i2_ls_security.pdf.
http://lionshare.its.psu.edu/main/info/docspresentation/i2_ls_security.pdf.
Security & analysis I: Synthesising verified access control systems in XACML, by Nan Zhang, Mark Ryan, Dimitar P. Guelev; October 2004; Proceedings of the 2004 ACM workshop on Formal methods in security engineering. Slides available at http://www.zurich.ibm.com/~mbc/FMSE04/slides/(6)_Nan_Zhang_FMSE04.ppt. Paper: http://portal.acm.org/citation.cfm?id=1029141.
Experiences with NMI at Michigan, by Shawn McKee, 1 October 2004, NMI/SURA Testbed Workshop. Available at http://www.wlap.org/file-archive/2004/20041001-umwlap001-04-mckee.ppt.
Collaboration and security in CNL's virtual laboratory, by Andrew Tokmakoff, Yuri Demchenko and Martin Snijders. WACE 2004, 23 September 2004. Available at http://www-unix.mcs.anl.gov/fl/flevents/wace/wace2004/talks/tokmakoff.pdf.
Evaluation of XML Technologies as Applied to Access Control, by David Staggs (SAIC) for Dept. of Veterans Affairs, Veterans Health Administration, Office of Information, 13 Sept 2004. Available at http://www.va.gov/rbac/docs/Veterans_Administration_Lab_Eval_of_XML_Technologies.pdf.
Administrative Delegation in XACML, by Erik Rissanen, Babak Sadighi Firozabadi. Swedish Institute of Computer Science. 2 Sept 2004, W3C Workshop on Constraints and Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/erbsf-20040902.
Constraints and Capabilities for Web Services, Anne Anderson, ed., Sun Microsystems, Inc. 27 Aug 2004. W3C Workshop on Constraints and Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/aaccws-20040827.
Access Control Methods for UDDI in Web Services using XACML, presented by Dr. Dong-Il Shin, Sejong University, Republic of Korea, 6th ASTAP Forum. ASTAP04/FR08/EG.IS/04. See http://www.aptsec.org/meetings/2004/astap8/paper/ASTAP04-FR08-EG.IS-04_UDDI-WebServices-XACML.doc.
eXtensible Access Control Markup Language: XACML im Vergleich mit P3P und EPAL, by Stefan Berthold, Technische Universitaet Dresden, Fakultaet Informatik, 28 June 2004. Available at http://dud.inf.tu-dresden.de/~kriegel/ss04/hauptseminar/Berthold2004_HS_XACML.pdf.
Modeling and Realizing Security-Critical Inter-Organizational Workflows, by Michael hafner, Instituet fuer Informatik, Univ. Innsbruck, 22 June 2004. Available http://www.smart-systems.at/downloads/Model_Driven_Security_IASSE2004_final.pdf.
Comparing WSPL and WS-Policy, by Anne Anderson, Sun Microsystems, Inc. 8 June 2004. IEEE Policy 2004 Workshop. Paper available at http://research.sun.com/projects/xacml/Policy2004.pdf. Slides available at http://www.policy-workshop.org/2004/slides/Anderson-WSPL_vs_WS-Policy_v2.pdf.
An Introduction to the Web Services Policy Language, by Anne Anderson, Sun Microsystems, Inc., 8 June 2004. IEEE Policy 2004 Workshop. Available at http://research.sun.com/projects/xacml/Policy2004.pdf.
Using uml to visualize role-based access control constraints, by Indrakshi Ray, Na Li, Robert France, Dae-Kyoo Kim; 2-4 June 2004; Symposium on Access Control Models and Technologies; Proceedings of the ninth ACM symposium on Access control models and technologies, Yorktown Heights, New York, USA. Available at http://www.cs.colostate.edu/~iray/research/sacmat04.pdf.
Interactive Protocol Visualization (and a WSPL Case Study), by Sean Cannella, 7 May 2004; Brown University. Available at http://www.cs.brown.edu/people/scannell/wsplv/ipvis.pdf.
LionShare Security Model, by Derek Morr; May 2004 Internet2 Member Meeting, 19-21 April, Arlington, VA. Available at http://lionshare.its.psu.edu/main/info/docspresentation/ls_sec_i2.pdf.
X.509 Proxy Certificates for dynamic delegation, by Von Welch, et al., 3rd Annual PKI R&D Workshop, Gaithersburg, MD, USA, 12-14 April 2004. Abstract available at http://www.globus.org/alliance/publications/papers/pki04-welch-proxy-cert-final.pdf.
RSVP policy control using XACML, by E. Toktar, E. Jamhour, and G. Maziero, Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on , 7-9 June 2004, Pages:87 - 96. Slides available at http://www.policy-workshop.org/2004/slides/Toktar-RSVPPolicyControlUsingXACML.ppt. Paper available through http://csdl.computer.org/comp/proceedings/policy/2004/2141/00/21410087abs.htm".
Who's Master of Your Domain? Web services security in an unfriendly world, by Rickland Hollar, SOA Web Services Journal, 4 June 2004. Available: http://webservices.sys-con.com/read/45097.htm.
XACML and Federated Identity, by Hal Lockhart, BEA Systems, NASA Scientific and Engineering Workstation Procurement (SEWP) Security Symposium, 1 June 2004. Available at http://lists.oasis-open.org/archives/xacml/200406/ppt00000.ppt.
Access management for distributed systems: Role-based cascaded delegation, by Roberto Tamassia, Danfeng Yao, William H. Winsborough. 2-4 June 2004. Proceedings of the ninth ACM symposium on Access control models and technologies (SACMAT). Available at http://www.cs.brown.edu/people/dyao/sacmat2004.ppt.
Role-Based Access Control (RBAC) Role Engineering Process, Version 3.0, developed for The Healthcare RBAC Task Force by SAIC, 11 May 2004. Available at http://www.va.gov/RBAC/docs/HealthcareRBACTFRoleEngineeringProcessv3.0.pdf.
CCOW Healthcare Implementation Using OASIS Standards, by Ed Coyne, Veterans Health Administration, 28-29 April 2004. VHA Health Information Architecture. Available at http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt.
Exploring a Multi-Faceted Framework for SOC: How to develop secure web-service interactions?, by Kees Leune, Willem-Jan van den Heuvel, Mike Papazoglou, Tilburg University, Infolab, The Netherlands. Proceedings of RIDE'04, IEEE Press, March 2004. Extended abstract available at http://infolab.uvt.nl/pub/leunek-2004-47.pdf. Full article: http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/ride/2004/2095/00/2095toc.xml&DOI=10.1109/RIDE.2004.1281703.
Access Control in a Distributed Decentralized Network: An XML Approach to Network Security using XACML and SAML, by Paul J. Mazzuca, Dartmouth College TR2004-506, Spring 2004. Available at ftp://ftp.cs.dartmouth.edu/TR/TR2004-506.pdf or http://www.cs.dartmouth.edu/reports/abstracts/TR2004-506/.
Introduction To XACML, by Phil Griffin, 19 Feb 2004. Available at http://dev2dev.bea.com/pub/a/2004/02/xacml.html
WSPL: an XACML-based Web Services Policy Language, by Anne Anderson, Sun Microsystems, Inc., 27 January 2004. Available at http://research.sun.com/projects/xacml/wspl_intro.pdf.
Cardea: Requirements, Authorization Model, Standards and Approach, by Rebekah Lepro Metz, Globus World Security Workshop January 23, 2004. Available at http://grid.ncsa.uiuc.edu/gw04-security/GW04-SecWkshp-cardea.ppt.
Design Document: SweGrid Accounting System Security Design, by Thomas Sandholm and Olle Mulmo, 22 January 2004. Available at http://www.pdc.kth.se/grid/sgas/docs/SGAS-SEC-DD-0.1.pdf.
XML Web Services and Security, by Bob Daly. Date uncertain. Available at http://www.sims.berkeley.edu/~bdaly/cde/security/WebServicesSecurityIS219.html.
SHEMP: Secure Hardware Enhanced MyProxy, by John Marchesini and Sean Smith, Technical Report TR2005-532, Dept .of Computer Science, Dartmouth College. 2005. Available at http://www.ists.dartmouth.edu/library/TR2005-532.pdf.

2003

Constrained delegation in XML-based Access Control and Digital Rights Management Standards, by Guillermo Navarro (Universitat Autonoma de Barcelona), Babak Sadighi Firozabadi (Swedish Institute of Computer Science), Erik Rissanen (Swedish Institute of Computer Science), Joan Borrell (Universitat Autonoma de Barcelona), Proceedings of IASTED International Conference on Communication, Network, and Information Security (CNIS), 12/10/2003-12/12/2003. Available at http://www.actapress.com/PDFViewer.aspx?paperId=20405.
Environment adaptive XML transformation and its application to content delivery, by M. Etoh, A. Kinno, M. Morioka, Y. Yonemoto, 2003, Proceedings of the 2003 Symposium on Applications and the INternet (SAINT'03), IEEE Computer Society. Available: http://doi.ieeecomputersociety.org/10.1109/SAINT.2003.1183030.
Modeling Delegation of Rights in a simplified XACML with Haskell, by Frank Siebenlist, Argonne Nat. Labs/Global Grid Forum, 18 Nov 2003. Available at http://www-unix.mcs.anl.gov/~franks/haskell/XacmlDelegationHaskell0.html.
An XACML-based Policy Management and Authorization Service for Globus Resources, by Markus Lorch, Dennis Kafura, Sumit Shah, Virginia Tech, Fourth International Workshop on Grid Computing, Phoenix, AZ, 17 Nov 2003. Available at http://csdl.computer.org/comp/proceedings/grid/2003/2026/00/20260208abs.htm.
The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments, by M. Lorch, et al., 4th Int. Workshop on Grid Computing - Grid 2003, 17 November 2003. Available at http://zuni.cs.vt.edu/publications/PRIMA-2003.pdf.
Certificate-based authorization policy in a PKI environment, by Mary R. Thompson, Abdelilah Essiari, Srilekha Mudumbai. ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 4. November 2003. Available at dsd.lbl.gov/security/Akenti/Papers/ACMTISSEC.pdf.
Cardea: Dynamic Access Control in Distributed Systems, by Rebekah Lepro, NASA Advanced Supercomputing (NAS) Division, NASA Ames Research Center, NAS Technical Report NAS-03-020, November 2003. Available at http://www.nas.nasa.gov/News/Techreports/2003/PDF/nas-03-020.pdf.
First Experiences Using XACML for Access Control in Distributed Systems, by Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura and Sumit Shah. Presented at the ACM Workshop on XML Security 31 October 2003, Fairfax, VA, USA. Slides available at http://zuni.cs.vt.edu/publications/xml-security-xacml-experiences-presentation.pdf.
Grid security: requirements, plans and ongoing efforts, by Frank Siebenlist, Invited talk at the ACM Workshop on XML Security 31 October 2003, Fairfax, VA, USA. Slides available at http://www.mcs.anl.gov/~franks/ACMXMLGridSecurity.pdf.
XML security: Certificate validation service using XKMS for computational grid, by Namje Park, Kiyoung Moon, Sungwon Sohn. 31 October 2003. Proceedings of the 2003 ACM workshop on XML security. Available through http://cftest.acm.org/portal/citation.cfm?id=968577.
Policy Management for OGSA Applications as Grid Services (Work in Progress), by Lavanya Ramakrishnan, MCNC-RDI Research and Development Institute. 8 Oct 2003. Available at http://www-unix.mcs.anl.gov/~keahey/DBGS/DBGS_files/dbgs_papers/ramakrishnan.pdf.
Access control: An access control framework for business processes for web services, by Hristo Koshutanski, Fabio Massacci. 31 October 2003. Proceedings of the 2003 ACM workshop on XML security. Available at http://www.unitn.it/convegni/download/icsoc03/doctoral/2_Koshutanski.pdf.
Enterprise Privacy Authorization Language (EPAL), Matthias Schunter, ed., IBM Research Report. 1 October 2003. Available at http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/.
The Formal Semantics of XACML, by Polar Humenn, Syracuse University, Oct 2003. Available at http://lists.oasis-open.org/archives/xacml/200310/pdf00000.pdf.
ebxmlrr 2.1-final1 open source freebXML Registry, 16 September 2003. Available at http://www.freebxml.org/ebxmlrr_final.htm>.
Virtual enterprise access control requirements, by M. Coetzee, J. H. P. Eloff. September 2003. Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology. Available through http://portal.acm.org/citation.cfm?id=954045.
Web Services Security, by Mark O'Neill with Phillip Hallam-Baker, Sean Mac Cann, Mike Shema, Ed Simon, Paul A. Watters and Andrew White, Pages: 312, Publisher: McGraw-Hill Professional, ISBN: 0072224711. Contains a chapter on XACML. Review available at http://www.net-security.org/review.php?id=89.
XACML J2SE[TM] Platform Policy Profile, by Anne Anderson, Sun Microsystems, Inc. 21 July 2003. Available at http://research.sun.com/projects/xacml/J2SEPolicyProvider.html.
XACML: a new standard protects content in the enterprise data exchange, XMLMania, 7 July 2003. Available at http://www.xmlmania.com/documents_article_8.php.
An Introduction to XACML, by Michael Armstrong, SANS Institute, 29 June 2003. Available at http://www.giac.org/practical/GSEC/Michael_Armstrong_GSEC.pdf.
XACML: A New Standard Protects Content in Enterprise Data Exchange, Java.Sun.Com technical article, 24 June 2003. Available at http://java.sun.com/developer/technicalArticles/Security/xacml/xacml.html.
XACML, Quickstudy by Russell Kay, Computerworld, 19 May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81295,00.html.
Sun XACML 1.0 Implementation Provides Attribute Management Techniques, Paragon Pinnacles, 19 May 2003, Article#9821, Volume 63, Issue 3. Available at http://newsletter.paragon-systems.com/articles/63/3/feature/9821.
An XACML Glossary, by Russell Kay, Computerworld, 19 May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81294,00.html.
Securing Web Services for Use as Enterprise-Class Business Systems, an AmberPoint Whitepaper, May 2003. Available at http://www.eaiindustry.org/docs/member%20docs/amberpoint/AmberPoint%20Security.pdf.
Digital rights management and fair use by design: Fair use, DRM, and trusted computing, by John S. Erickson. April 2003. Communications of the ACM, Volume 46 Issue 4. Available through portal.acm.org/citation.cfm?id=641205.641226.
Multimedia and visualization: Self-manifestation of composite multimedia objects to satisfy security constraints, by Vijayalakshmi Atluri, Nabil Adam, Ahmed Gomaa, Igg Adiwijaya. March 2003. Proceedings of the 2003 ACM symposium on Applied computing. Available at http://cftest.acm.org/portal/citation.cfm?id=952715.
XACML -- A No-Nonsense Developer's Guide, by Vance McCarthy, Enterprise Developer News, 24 Feb 2003. Available at http://www.idevnews.com/TipsTricks.asp?ID=57.
XACML Will Help Enterprises In Three Areas, by Ray Wagner, Gartner, 21 February 2003. Available at http://www3.gartner.com/resources/113300/113307/113307.pdf.
Getting Started with XML Security: Authorization Rules: XML Access Control Markup Language (XACML), tutorial, SitePoint, date uncertain. Available at http://www.sitepoint.com/article/933/8.
Authorization Center Project (authZ), CMU. 2003. Available at http://icap.andrew.cmu.edu/authz/.

2002

Designing a distributed access control processor for network services on the Web, by Reiner Kraft. Proceedings of the 2002 ACM workshop on XML security. November 2002. Available at http://www.soe.ucsc.edu/~rekraft/papers/paper_aclp_workshop.pdf.
Dynamically authorized role-based access control for secure distributed computation, by C. Joncheng Kuo, Polar Humenn. November 2002. Proceedings of the 2002 ACM workshop on XML security. Available at http://portal.acm.org/ft_gateway.cfm?id=764807&type=pdf.
Towards securing XML Web services, by Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati. November 2002. Proceedings of the 2002 ACM workshop on XML security. Available at http://seclab.dti.unimi.it/Papers/xmlw.ps.

Related Standards

This list includes open standards that reference XACML.

ASTM E31 Committee: Healthcare Privilege Management Infrastructure: http://www.va.gov/rbac/docs/ASTMEPMV0_9.doc.
ANSI Healthcare Information Technology Standards Panel: Manage Consent Directive: http://publicaa.ansi.org/sites/apdl/Documents/Standards%20Activities/Healthcare%20Informatics%20Technology%20Standards%20Panel/Technical%20Notes/TN900%20-%20Security%20and%20Privacy%20Overview/HITSP_v1.0_2007_TN900%20-%20Security%20and%20Privacy.pdf.
ITU-T: XACML is cross-standardized by ITU-T as ITU-T X.1142 (Extensible Access Control Markup Language)
OASIS ebXML: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=regrep
- XACML is used for access control in the reference implementation at http://ebxmlrr.sourceforge.net
OASIS Security Assertion Markup Language (SAML): http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
- See also the SAML Profile of XACML 2.0: http://docs.oasis-open.org/xacml/2_0/access_control-xacml-2.0-saml-profile-spec-os.pdf

Products and Deployments

This list includes products and deployments that make substantial use of XACML and that have been announced publicly. Readers should keep in mind that this is an incomplete list of XACML deployments. For security reasons, enterprises are frequently unwilling to publicize the security mechanisms they use internally, and many deployments of XACML fall into this category. In other cases, XACML is used internal to products, but is not exposed, and the vendor has chosen not to disclose this internal use.

ActiveGrid, Enterprise Web 2.0: http://www.activegrid.com/ActiveGrid_EnterpriseWeb_0606.pdf.
Adobe, Adobe LiveCycle Form Manager 7.x: http://www.adobe.com/products/server/formmanager/.
Astrogrid, MeshFire plug-and-play grid firewall security appliance: http://news.astrogrid.org/article.php?story=20020927141937774.
AXESCON LLC, AX2E - AXESCON XACML 2.0 Engine (Beta version): http://axescon.com/ax2e/.
Axiomatics, Delegent authorisation system: http://www.axiomatics.com/docs/delegent-whitepaper.pdf.
Bandit Project, Reference Application, Bandit Role Engine: http://www.bandit-project.org/index.php/Reference_Application.
BEA, products WebLogic Server, WebLogic Portal and WebLogic Integration, collectively known as the WebLogic Platform: http://lists.oasis-open.org/archives/xacml-users/200509/msg00012.html, http://e-docs.bea.com/wls/docs91/secmanage/providers.html. Also AquaLogic Enterprise Security (ALES)] version 2.1.
BRT, Inc., product Criminal Justice Policy Dashboard (CJPD): http://www.beamreachtech.com/.
Cape Clear, Enterprise Service Bus: http://www.capeclear.com/download/kits/cc6/Quick_Start.pdf.
CCLRC, The TrustCoM Framework for trust, security and contract management of web services and the Grid - V2: http://epubs.cclrc.ac.uk/bitstream/901/RAL_Tech_Rep_Trustcom_Framework.pdf.
Children's Hospital, Boston, Personal Internetworked Notary and Guardian http://www.ping.chip.org/Downloads/api/org/chip/ping/xacml/package-summary.html.
Cogent Logic Corporation, a generic, Axis-based RBAC system later this month called Send-Encrypted, Web Service Edition: http://mail-archives.apache.org/mod_mbox/ws-axis-user/200306.mbox/%3CNBBBIEJICNNKIJDKIOMJKEJCFOAA.jeff@cogentlogic.com%3E.
Common EU EHR Registry/Repository http://www.srdc.metu.edu.tr/~asuman/GenevaSemInteroperabilityTalk.ppt.
Computer Associates, eTrust Identity and Access Management Suite: http://investor.ca.com/phoenix.zhtml?c=83100&p=irol-newsArticle&ID=674422&highlight=.
DataPower, XS40 XML Security Gateway: http://www.xsljit.com/newsroom/pr_091603_MQ.html and http://www.webservices.org/index.php/ws/content/view/full/5022 integrated with IBM WebSphere MQ.
Diamelle, OpenIAM access manager product; SOA security product (release in Nov. 2007): http://www.diamelle.com/.
Eclipse, Open Healthcare Framework: http://www.eclipse.org/ohf/.
e-Health Research Centre, Health Data Integration (TM): http://www.aracy.org.au/pdf/events/2005ConferenceSpeakers/2005%20ARACY%20Conference%20P09David%20Hansen220705.pdf.
ELENA Project, Smart Spaces for LearningTM: http://www.elena-project.org/images/other/index.html.
eMayor, e-government platform: http://www.innovations-report.de/html/berichte/informationstechnologie/bericht-56918.html.
Entrust, GetAccess identity and access management, and 2 other products: http://www.entrust.com/resources/standards/xacml.htm and http://www.entrust.com/events/getaccess70.htm.
Exigen Group, SSO, naming and identity services, access control, data filtering http://cserg0.site.uottawa.ca/ncac05/index.html.
eXist, Open Source Native XML Database using XACML: http://exist.sourceforge.net/.
The Fedora Project, An Open-Source Digital Repository Management System: http://www.fedora.info/.
Fraunhofer Institute for Open Communication Systems, FOKUS Telco SOA http://www.fokus.fraunhofer.de/go/ims/opensoaplayground/pdf/SOA_in_Telecommunications-Magedanz-06-2007.pdf.
Globus ToolKit, XACML PDP for grid applications: http://www-unix.globus.org/toolkit/.
IBM, WebSphere, via Entrust Enhanced Web Security and Web Access Control Solutions: http://www-306.ibm.com/software/info1/websphere/index.jsp?tab=solutions/entrust&S_TACT=103BHW06&S_CMP=campaign and Websphere Studio via DataPower XS40 integration: http://www.webservices.org/index.php/ws/content/view/full/5022.
Identity Engines, Ignition fine-grained, user-authenticated networks: http://www.identityengines.com/.
Internet2, http://lionshare.its.psu.edu/main/info/docspresentation/ls_sec_i2.pdf.
Jericho Systems, EnterSpace Security Suite (ESS) v5.0: http://www.jerichosystems.com/Products_Services/ESS/index.html and http://www.jerichosystems.com/Company/index.html.
Layer 7 Technologies, SecureSpan Manager policy manager: http://www.layer7tech.com/products/manager.html.
Liferay, Portal 4.0: http://www.liferay.com/web/guest/home.
MaXware, MaXware Virtual Policy Server (MVPS): http://www.maxware.com.
Mendocino County, CA, Securing Health Access and Records Exchange (SHARE): http://www.alschulerassociates.com/library/documents/HL7NLMSurvey_FINAL.pdf.
Meta Access Management System (MAMS), Australian Department of Education, Science and Training: http://www.cs.umu.se/~elmroth/papers/SGASIJCIS_2006.pdf.
NASA Information Power Grid, Cardea dynamic authorization system: http://www.nas.nasa.gov/News/Techreports/2003/PDF/nas-03-020.pdf.
National Science Digital Library (NSDL), NSDL Data Repository: http://www.biosciednet.org/docs/BEN_New_Collaborators_Feb06/Krafft%20BEN%20meeting%20Feb%202%202006.pdf.
Net-Centric Enterprise Services (NCES), U.S. Defense Information Systems Agency, draft security architecture, 1 March 2004: http://horizontalfusion.dtic.mil/docs/specs/20040310_NCES_Security_Arc.pdf.
Net-Centric Enterprise Solutions for Interoperability (NESI), (collaborative activity between the USN PEO for C4I and Space and the USAF Electronic Systems Center) recommendation, 2005: http://nesipublic.spawar.navy.mil/files/Part04v1.0.2.doc.
Novell, Bandit, includes role engine based on the RBAC and XACML standards: http://news.google.com/news/url?sa=T&ct=us/1-0&fd=R&url=http://www.itjungle.com/tlb/tlb061306-story01.html&cid=0&ei=CGihRMfaOLDKaPeV-fMH.
OASIS ebXML Standard Reference Implementation, Electronic Business Registry/Repository: http://ebxmlrr.sourceforge.net. XACML is used for access control internally, so freebXML adopters are also XACML adopters. A list of ebXML Reference Implementation adoptions is available at http://ebxmlrr.sourceforge.net/aboutFAQ/About_freebXML_Registry.html#Deployments.
Okiok, Global Trust identity and access management product: http://www.okiok.com/index.jsp?page=Global+Trust.
Oracle, Identity Management: http://www.oracle.com/corporate/press/2006_jun/oracle-extended-identity-management-ecosystem.html.
Parthenon Computing, Parthenon XACML Evaluation Engine, Parthenon XACML Policy Suite: http://blog.parthenoncomputing.com/xacml/ and http://www.parthenoncomputing.com/team.html.
PSS Systems, PSS1 Document Policy Compliance Solution: http://www.drmwatch.com/drmtech/print.php/3104341.
RAMP, Digital Repository Authorization Middleware Architecture: http://drama.ramp.org.au/.
RedHat, JBoss Application Server: http://jira.jboss.com/jira/browse/JBAS-2673.
Research Activityflow and Middleware Priorities Project (RAMP), Australian Government, Open Standards Authorisation: http://www.ramp.org.au/.
Office fo the Secretary of Defense, Personnel & Readiness, U.S. Government, The Defense Readiness Reporting System (DRRS), System Architecture: http://drrs.org/files/DRRSSystemArchitectureWorkingDraft.pdf.
Securent, Securent Entitlement Manager, Entitlement Management Solution (EMS), Securent Policy Engine, and Securent Enforcer: http://www.securent.net/.
SeRIF and Walden, Secure remote invocation framework, part of UMich CITI Network Testing and Performance Project (NTAP): http://www.citi.umich.edu/projects/ntap/docs.html and http://www.mgrid.umich.edu/projects/walden.pdf.
Soph-Ware Associates, XML Cross Domain Guard policy authoring tool: http://www.soph-ware.com/.
Starbourne: http://lists.xml.org/archives/xml-dev/200409/msg00117.html.
Sun Microsystems, Sun Service Registry: http://www.sun.com/products/soa/registry/
Sun XACML Open Source, XACML PDP implementation: http://sunxacml.sourceforge.net/.
Symlabs, Identity Management Infrastructure: http://www.symlabs.com/Products/FIAM_DOCS/symlabs-fiam-prod-pdp-d1_jn.html.
TrustCoM Consortium, TrustCoM Framework: http://epubs.cclrc.ac.uk/bitstream/901/RAL_Tech_Rep_Trustcom_Framework.pdf.
UMU-XACML Editor, XACML policy editor: http://xacml.dif.um.es/.
U.K. Department of Trade and Industry, Generic Infrastructure for Medical Informatics: http://cserg0.site.uottawa.ca/ncac05/index.html.
U.S. Navy, COMPACFLT, Enterprise Dynamic Access Control: http://csrc.nist.gov/rbac/EDACv2overview.pdf and http://csrc.nist.gov/rbac/EDAC-presentation.ppt.
U.S. Veterans Health Administration (VHA), next generation access control system: http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt.
Vordel: http://radio.weblogs.com/0111797/2006/08/21.html.
WSE Authorization Handler Framework, A WS-Policy configurable callout for making (and enforcing) web service access control decisions: http://www.cs.virginia.edu/~dad3e/authzhandler/.
XACML.NET, XACML PDP implementation with GUI: http://mvpos.sourceforge.net/xacml.htm.
Xtradyne, WS-DBC XML Firewall: http://www.xtradyne.com/documents/datasheets/Xtradyne_WS-DBC_ProductDataSheet.pdf.

XACML Attribute Definitions

There is no official registry for XACML Attributes. This list includes links to specifications that define XACML Attributes. Inclusion in this list does not imply any status as standards for these specifications.

OASIS XACML TC: general-purpose Attributes. Defined in XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0, Appendix B, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
OASIS XACML TC: role based access control policy Attributes. Defined in Core and hierarchical role based access control (RBAC) profile of XACML v2.0, Section 6, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profile1-spec-os.pdf
OASIS XACML TC: privacy policy Attributes. Defined in Privacy policy profile of XACML v2.0, Section 2, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-privacy_profile-spec-os.pdf.
OASIS XACML TC: hierarchical resource Attributes. Defined in Hierarchical resource profile of XACML v2.0, Section 6, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf.
OASIS XACML TC: multiple resource scope Attributes. Defined in Multiple resource profile of XACML v2.0, Section 4, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-mult-profile-spec-os.pdf.

XACML References and Products, Version 1.83

Contents