XACML References, Version 1.58
Copyright© OASIS Open 2004-2006 All Rights
Editor: Anne Anderson, Sun Microsystems <Anne.Anderson@Sun.COM>
Updated: 06/04/19 (yy/mm/dd)
These lists include publications, standards, products, and
specifications that contain substantial information about XACML
or make use of XACML in a substantial way. These are listed here
solely for the information of parties interested in XACML. By
including these links, neither the XACML TC, nor OASIS itself, is
endorsing, recommending, or guaranteeing the accuracy of the
referenced statements, publications, standards, or products in
any way. Neither the XACML TC nor OASIS itself guarantees the
completeness or accuracy of the information in this list of
references. This list may be modified at any time as further
information about these or other publications and products
becomes known. Additional submissions for listings and
corrections are invited by the editor.
This bibliography includes papers, articles, presentations,
specifications, and other publications that contain substantial
information about XACML or make use of XACML in a substantial
- Extensible Access Control Markup Language (XACML), by
Robin Cover, Cover Pages page on XACML. Updated regularly.
Available at http://xml.coverpages.org/xacml.html.
- XACML Policy Model, by Hal Lockhart, OASIS TC List Posting, 6 Apr 2006. Available at http://xml.coverpages.org/XACML-PolicyModel.html.
- XACML Policy Model, by Anne Anderson, OASIS TC List Posting, 9 Mar 2006. Available at http://lists.oasis-open.org/archives/xacml/200603/msg00007.html.
- XACML: The New Standard for Access Control Policy, by Hal Lockhart, RSA Conference 2006, 17 Feb 2006. Available at http://lists.oasis-open.org/archives/xacml/200604/msg00001.html.
- Inferring Access-Control Policy Properties via Machine
Learning, by Evan Martin and Tao Xie, to appear in
Proceedings of the 7th IEEE Workshop on Policies for Distributed
Systems and Networks (Policy 2006), London, Ontario Canada, June
2006. Available at http://www.csc.ncsu.edu/faculty/xie/publications.htm#policy06.
- PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness, by S. Sinclair, S. W. Smith, 5-9 December 2005, 21st Annual Computer Security Applications Conference. Available: http://ieeexplore.ieee.org/iel5/10467/33214/01565269.pdf?tp=&arnumber=1565269&isnumber=33214.
- Integrating security policies via Container Portable Interceptors, by Tom Ritter, Rudolf Schreiner, Ulrich Lang, November 28-December 2, 2005, Proceedings of the 4th workshop on Reflective and adaptive middleware systems. Available: http://portal.acm.org/citation.cfm?id=1101521&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
- Policy Administration Control and Delegation Using XACML and Delegent, by L. Seitz, E. Rissanen, T. Sandholm, B. S. Firozabadi, O. Mulmo, 13-14 November 2005, The 6th IEEE/ACM International Workshop on Grid Computing. Available: http://ieeexplore.ieee.org/iel5/10354/32950/01542723.pdf?tp=&arnumber=1542723&isnumber=32950.
- Web services: Web services enterprise security architecture: a case study, by Carlos Gutiérrez, Eduardo Fernández-Medina, Mario Piattini, 11 November 2005, Proceedings of the 2005 Workshop on Secure Web Services. Available: http://portal.acm.org/citation.cfm?id=1103025&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
- Reasoning about XACML policies using CSP, by Jeremy Bryans, 11 November 2005, Proceedings of the 2005 Workshop on Secure Web Services. Available (TechReport version): http://www.dirc.org.uk/publications/techreports/papers/21.pdf.
- Authorization for digital rights management in the geospatial domain, by Andreas Matheus, 7 November 2005, Proceedings of the 5th ACM workshop on Digital rights management. Available: http://portal.acm.org/citation.cfm?id=1102546.1102557. Slides: http://www.titr.uow.edu.au/DRM2005/presentations/drm05-matheus.pdf.
- Semantic Policy-based Security Framework for Business Processes, by Dong Huang, 7 November 2005, Semantic Web and Policy Workshop, 4th International Semantic Web Conference. Available: http://www.csee.umbc.edu/swpw/papers/huang.pdf.
- Finding expertise and information: Real-world oriented information sharing using social networks, Junichiro Mori, Tatsuhiko Sugiyama, Yutaka Matsuo, 6-9 November 2005, Proceedings of the 2005 international ACM SIGGROUP conference on Supporting group work GROUP '05. Available: http://portal.acm.org/citation.cfm?id=1099215&coll=portal&dl=ACM&CFID=65902895&CFTOKEN=77321372.
- WS-PolicyConstraints: A Domain-Independent Web Services Policy Assertion Language, by Anne Anderson, 3 November 2005. Available at http://research.sun.com/projects/xacml/IntroToWSPolicyConstraints.pdf.
- XACML: Access Control, Under Control, Sun Microsystems Laboratories, 1 November 2005. Available at http://research.sun.com/spotlight/2005_11_01-XACML.html.
- XACML-Based Web Services Policy Constraint Language (WS-PolicyConstraints), by Anne Anderson and Balasubramanian Devaraj, Working Draft 06, 24 October 2005. Available at http://research.sun.com/projects/xacml/ws-policy-constraints-current.pdf.
- Open Standards for Building Federations, by Dr. Erik Vullings, Meta Access Management System (MAMS), Macquarie E-Learning Centre of Excellence (MELCOE), Macquarie University, 22 October 2005. Available at https://mams.melcoe.mq.edu.au/zope/mams/events/OASIS_20041022/20041022%20-%20Open%20standards%20for%20Federation.ppt/view.
- Access-Control Policy Administration in XACML, by Erik Rissanen, Babak Sadighi Firozabadi, 13 October 2005, ERCIM News No. 63. Available at http://fmt.isti.cnr.it/WEBPAPER/p38-39.pdf.
- Access Control Policy Administration in XACML, by Erik Rissanen and Babak Sadighi Firozabadi, SICS, Sweden, ERCIM News No. 63, October 2005. Available at http://www.ercim.org/publication/Ercim_News/enw63/.
- Secure Federated Access to Grid Applications using SAML/XACML, by Erik Vullings, Markus Buchhorn, and James Dalziel, APAC2005 conference, Gold Coast, Australia; 28 September 2005. Available at https://mams.melcoe.mq.edu.au/zope/mams/kb/all/20050630%20-%20Secure%20Federated%20Access%20to%20Grid%20Applications%20using%20SAML_XACML%20-%20Vullings-Buchhorn-Dalziel.pdf/view. Slides available at https://mams.melcoe.mq.edu.au/zope/mams/kb/all/Erik_Vullings_FINAL.ppt/view.
- A XACML-based access control model for web service, by Han Tao, 23-26 September 2005, International Conference on Wireless Communications, Networking and Mobile Computing. Available: http://ieeexplore.ieee.org/iel5/10362/32965/01544254.pdf?tp=&arnumber=1544254&isnumber=32965.
- On XACML, role-based access control and health grids, by David Poser, Mark Slaymaker, Eugene Politou, Andrew Simpson, Oxford Univ. Computing Lab, 22 September 2005, The Fourth UK e-Science All Hands Meeting (AHM 2005). Available at http://www.allhands.org.uk/2005/proceedings/papers/378.pdf
- Using XML and XACML to Support Attribute Based Delegation, by Chunxiao Ye and Zhongfu Wu, Chongqing University, The Fifth International Conference on Computer and Information Technology (CIT'05), September 2005, pp. 751-756. Available at http://doi.ieeecomputersociety.org/10.1109/CIT.2005.196.
- Patterns for XACML, by Nelly Delessy, Florida Atlantic University, Secure Systems Research Group, 19 July 2005. Available at http://polaris.cse.fau.edu/~security/public/docs/DissertationReport071805.ppt.
- UDDI Access Control, Dai, J.; Steele, R., 04-07 July 2005, Information Technology and Applications, 2005. ICITA 2005. Third International Conference on
Volume 2, 04-07 July 2005 Page(s):778 - 783. Available at doi.ieeecomputersociety.org/10.1109/ICITA.2005.291.
- Usable security and privacy: a case study of developing privacy management tools, by Carolyn Brodie, Clare-Marie Karat, John Karat, Jinjuan Feng, July 2005,
Proceedings of the 2005 symposium on Usable privacy and security SOUPS '05. Available at http://cups.cs.cmu.edu/soups/2005/2005proceedings/p35-brodie.pdf.
- Bundle Authentication and Authorization Using XML Security in the OSGi Service Platform, by Hee-Young Lim, Young-Gab Kim, Chang-Joo Moon, Doo-Kwan Baik, July 2005, Proceedings of the Fourth Annual ACIS International Conference on Computer and Information Science (ICIS'05) - Volume 00 ICIS '05. Available at http://portal.acm.org/ft_gateway.cfm?id=1091618&type=external&coll=portal&dl=ACM&CFID=58511907&CFTOKEN=97001797.
- WS-Security policy profile of WS-PolicyConstraints, by Anne Anderson, Working Draft 03, 28 June 2005. Available at http://research.sun.com/projects/xacml/ws-security-profile-of-ws-policy-constraints-wd-03.pdf.
- GeoXACML, a spatial extension to XACML, by Andreas Matheus, 16 June 2005. Available at http://xml.coverpages.org/GeoXACML-05036.pdf.
- Policy Federation - The Final Frontier, by Frank Siebenlist, keynote at
IEEE 6th International Workshop on Policies for Distributed Systems and
Networks (Policy2005), Jun 6-8 2005, Stockholm, Sweden. Available at:
- DM-AMS: Employing Data Mining Techniques for Alert Management, by Vandana P. Janeja, Vijayalakshmi Atluri, Ahmed Gomaa, Nabil Adam, Christof Bornhoevd, and Tao Lin, Proceedings of the 2005 national conference on Digital government research, June 2005. Available at http://diggov.org/library/library/dgo2005/alert/janeja_dm-ams.pdf.
- Access control policy management: Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure, by Andreas Matheus, Proceedings of the tenth ACM symposium on Access control models and technologies, June 2005, Stockholm, Sweden. Available at: http://portal.acm.org/ft_gateway.cfm?id=1063983&type=pdf.
- Predicates for Boolean web service policy languages, by Anne Anderson, WWW 2005 Workshop on Policy Management for the Web, 10 May 2005. Available at: http://www.csee.umbc.edu/pm4w/papers/anderson12.pdf, slides at http://www.csee.umbc.edu/pm4w/presentations/anderson.pdf.
- XACML and Role-Based Access Control, by Jason Crampton, Royal Holloway, University of London, DIMACS Workshop on Secure Web Services and e-Commerce, 5-6 May 2005, slides at http://dimacs.rutgers.edu/Workshops/Commerce/slides/crampton.pdf.
- Change management: Verification and change-impact analysis of access-control policies, Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz; May 2005; Proceedings of the 27th international conference on Software engineering. Available at http://www.cs.brown.edu/~sk/Publications/Papers/Published/fkmt-verif-change-impact-xacml/.
- Building Trustworthy Applications: XacT: a bridge between resource management and access control in multi-layered applications, by Maarten Rits, Benjamin De Boe, Andreas Schaad; May 2005; ACM SIGSOFT Software Engineering Notes, Proceedings of the 2005 workshop on Software engineering for secure systems - building trustworthy applications SESS '05, Volume 30 Issue 4. Available at http://portal.acm.org/citation.cfm?id=1083200.1083202.
- A comparison of compression techniques for XML-based security policies in mobile computing environments, by Xuebing Qing, Carlisle Adams, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/xuebing_qing_18500102.ppt
- Using SPML to provision dynamic XACML rules to manage privacy and access control in Web security infrastructure, by Michel Hétu, Anton Stiglic, Claude Vigeant, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/vigeant_18500162.pdf
- Policy verification and change impact analysis, by Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, Michael Carl Tschantz (Brown Univ), Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/fisler_18500059.ppt.
- Administrative policies in XACML, by Erik Rissanen, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/rissanen_18500187.ppt
- The Globus authorization processing framework, by Frank Siebenlist, Takuya Mori, Rachana Ananthakrishnan, Liang Fang, Tim Freeman, Kate Keahey, Sam Meder, Olle Mulmo, Thomas Sandholm, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/mori_18500001.pdf
- Approaches to generalization of XACML, by Tim Moses, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/moses_18500213.ppt
- Attribute based access control (ABAC): a new access control approach for service oriented architectures, by Eric Yuan, Jin Tong, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/yuan_18500229.ppt
- Key differences between XACML and EPAL, by Anne Anderson, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/Anderson_KeyDiffsXACMLandEPAL.pdf
- Model-driven design and administration of access control in enterprise applications, by Aleksey Studnev, Kathleen Johnson, Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/studnev_18500106.ppt.
- Putting Trust into the Network: Securing Your Network through Trusted Access Control, by Ned Smith (Intel, TCG), Ottawa New Challenges for Access Control Workshop, 27 April, 2005. Available at: http://lotos.site.uottawa.ca/ncac05/smith_18500034.ppt.
- A Network Access Control Approach Based on the AAA Architecture and Authorization Attributes, by Lopez, G.; Gomez, A.F.; Marin, R.; Canovas, O.; Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International 04-08 April 2005 Page(s):287a - 287a. Slides available at http://www.cs.uccs.edu/~SNS/talks/SSN05_Spain.ppt.
- Using XACML and SAML for Authorisation messaging and assertions: XACML and SAML standards overview and usage examples, by Yuri Demchenko, 28 March, 2005. Available at http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-02.pdf
- An Introduction to XACML, by Nurmamat Helil; 11 March 2005; available at http://www.is.pku.edu.cn/dis/ppt/nur1.pdf.
- Using XML based security tickets and tokens, or, SAML demystified, by Yuri Demchenko, AIRG, University of Amsterdam; 17 February 2005. Available at http://www.uazone.org/demch/presentations/tf-emc2-authz-ticktok-2005.pdf.
- SAML, XACML & the Terrorism Information Sharing Environment, by Martin Smith of the Department of Homeland Security (DHS), February 16, 2005. Available at http://xml.gov/presentations/dhs/infosharing.htm
- Globus Toolkit: Authorization Processing, by Frank Siebenlist, Takuya
Mori; session: "XACML and Globus: Authorization Policy Framework
Integration in the Globus Toolkit", GlobusWORLD 2005, Feb 7-11 2005, Boston,
MA. Available at:
http://www.mcs.anl.gov/~franks/GW05/GW05-XACMLandGlobus-Demo.ppt.pdf or at http://www.globus.org/toolkit/presentations/GW05-XACMLandGlobus-Demo.ppt.pdf.
- Access Control for the Grid: XACML, by Anne Anderson; session: "XACML
and Globus: Authorization Policy Framework Integration in the Globus
Toolkit", GlobusWORLD 2005, Feb 7-11, Boston, MA. Available at:
- Security System for Distributed Business Applications, by Thomas Schmidt, Gerald Wippel, Klaus Glanzer, Karl Fuerst, 17 January 2005, International Journal of Web Services Research. Available: http://www.igi-online.com/downloads/pdf/itj2733_1sr1rnqcgr.pdf
- Differences between XACML versions 1.0 and 2.0, by Eleanor
Joslin (Parthenon Computing Ltd), 7 January 2005. Available at: http://blog.parthenoncomputing.com/xacml/archives/2005/01/the_differences.html.
- How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML), by A. Matheus, System Science, 2005, HICSS '05. Proceedings of the 38th Annual Hawaii International Conference on 03-06 Jan. 2005 Page(s):168a - 168a. Available at: http://csdl.computer.org/comp/proceedings/hicss/2005/2268/07/22680168aabs.htm.
- CT-T: Explainable Policies for Establishing Trust in Web Applications, by Jeff Bradshaw, Pat Hayes, Kent Seamons, Richard Fikes, Deborah McGuinness, Marianne Winslett, Team Proposal to NSF in response to Cyber Trust (CT) solicitation NSF-05-518. Available at http://www.ihmc.us/users/phayes/NSF/EPfETiWA.pdf
- Authorization in Trust Management: Conditional Delegation and Attribute-Based Role Assignment using XACML and RBAC, by Brian Garback, 2005. Available at http://www.cs.virginia.edu/~bjg5x/AuthorizationTalkForAerospace.ppt.
- A Trusted Information Sharing Project, by Shiu-Kai Chin, Polar Humenn, Thumrongsak Kosiyatrakul, Susan Older, Terrell Northrup, Stuart Thorson, 31 December 2004. Available at http://www.cse.buffalo.edu/caeiae/skm2004/presentation_slides/A-Sessions/1A-01-Chin/1A-01-Chin.pdf
- XACML/WSPL, by Thijs van den Berg and Marya Steenman, 16 December 2004. Available at http://www.os3.nl/~mrtn/assignments/XACML.pdf.
- Walden: a scalable solution for grid account management, by Kirschner, B.A.; Hacker, T.J.; Adamson, W.A.; Athey, B.D.; Fifth IEEE/ACM International Workshop on Grid Computing, 2004, 8 Nov. 2004. Available at: http://doi.ieeecomputersociety.org/10.1109/GRID.2004.66 or
- Meeting central: making distributed meetings more effective, by Nicole Yankelovich, William Walker, Patricia Roberts, Mike Wessler, Jonathan Kaplan, Joe Provino; 6-10 November 2004, Proceedings of the 2004 ACM conference on Computer supported cooperative work 2004, Chicago, Illinois, USA. Available at: http://research.sun.com/sunlabsday/docs.2004/CSCW2004-OH.pdf.
- Service applications: An OGSA-based accounting system for allocation enforcement across HPC centers, Thomas Sandholm, Peter Gardfjäll, Erik Elmroth, Lennart Johnsson, Olle Mulmo; November 2004; Proceedings of the 2nd international conference on Service oriented computing. Abstract available at: http://icsoc.dit.unitn.it/abstracts/A081.pdf. Full paper: http://portal.acm.org/citation.cfm?id=1035167.1035207
- XML Security: Control information access with XACML: The objectives, architecture, and basic concepts of eXtensible Access Control Markup Language, by Manish Verma, 18 Oct 2004. Available at http://www-128.ibm.com/developerworks/xml/library/x-xacml/
- Privacy protecting data collection in media spaces, by Jehan Wickramasuriya, Mahesh Datt, Sharad Mehrotra, Nalini Venkatasubramanian, 10-16 October, 2004; Proceedings of the 12th annual ACM international conference on Multimedia, 2004, New York, NY, USA. Available at: http://www.sigmm.org/apache/video2004/resources/papers/2004/VF_3.pdf. Slides available at: http://www.zurich.ibm.com/~mbc/FMSE04/slides/(6)_Nan_Zhang_FMSE04.ppt. Paper: http://portal.acm.org/citation.cfm?id=1029141.
- Trust, Access Control, and Rights for Web Services, Part
2, by Sams Publishing, 12 Oct 2004. Available at http://www.devshed.com/c/a/Security/Trust-Access-Control-and-Rights-for-Web-Services-Part-2/4/.
- Connecting and Extending Peer-to-Peer Networks LionShare: LionShare White Paper, October 2004. Available at: http://lionshare.its.psu.edu/main/info/docspresentation/LionShareWP.pdf.
- LionShare: A federated P2P app, by Derek Morr, Fall 2004 Internet2 members meeting. Available at: http://lionshare.its.psu.edu/main/info/docspresentation/i2_ls_security.pdf.
- Security & analysis I: Synthesising verified access control systems in XACML, by Nan Zhang, Mark Ryan, Dimitar P. Guelev; October 2004; Proceedings of the 2004 ACM workshop on Formal methods in security engineering. Slides available at: http://www.zurich.ibm.com/~mbc/FMSE04/slides/(6)_Nan_Zhang_FMSE04.ppt. Paper: http://portal.acm.org/citation.cfm?id=1029141.
- Experiences with NMI at Michigan, by Shawn McKee, 1 October 2004, NMI/SURA Testbed Workshop. Available at http://www.wlap.org/file-archive/2004/20041001-umwlap001-04-mckee.ppt.
- Collaboration and security in CNL's virtual
laboratory, by Andrew Tokmakoff, Yuri Demchenko and
Martin Snijders. WACE 2004, 23 September 2004. Available at
- Evaluation of XML Technologies as Applied to Access
Control, by David Staggs (SAIC) for Dept. of Veterans
Affairs, Veterans Health Administration, Office of
Information, 13 Sept 2004. Available at http://www.va.gov/rbac/docs/Veterans_Administration_Lab_Eval_of_XML_Technologies.pdf.
- Administrative Delegation in XACML, by Erik Rissanen, Babak
Sadighi Firozabadi. Swedish Institute of Computer Science. 2
Sept 2004, W3C Workshop on Constraints and
Capabilities for Web Services. Available at http://www.w3.org/2004/08/ws-cc/erbsf-20040902.
- Constraints and Capabilities for Web Services, Anne
Anderson, ed., Sun Microsystems, Inc. 27 Aug 2004.
W3C Workshop on Constraints and Capabilities for
Web Services. Available at http://www.w3.org/2004/08/ws-cc/aaccws-20040827.
- Access Control Methods for UDDI in Web Services using
XACML, presented by Dr. Dong-Il Shin, Sejong University,
Republic of Korea, 6th ASTAP Forum. ASTAP04/FR08/EG.IS/04.
- eXtensible Access
Control Markup Language: XACML im Vergleich mit P3P und
EPAL, by Stefan Berthold, Technische Universitaet
Dresden, Fakultaet Informatik, 28 June 2004. Available at http://dud.inf.tu-dresden.de/~kriegel/ss04/hauptseminar/Berthold2004_HS_XACML.pdf.
- Modeling and Realizing Security-Critical Inter-Organizational Workflows, by Michael Hafner, Institut fuer Informatik, Univ. Innsbruck, 22 June 2004. Available at http://www.smart-systems.at/downloads/Model_Driven_Security_IASSE2004_final.pdf.
- Comparing WSPL and WS-Policy, by Anne Anderson, Sun
Microsystems, Inc. 8 June 2004. IEEE Policy 2004 Workshop.
Paper available at http://research.sun.com/projects/xacml/Policy2004.pdf.
Slides available at http://www.policy-workshop.org/2004/slides/Anderson-WSPL_vs_WS-Policy_v2.pdf.
- An Introduction to the Web Services Policy Language,
by Anne Anderson, Sun Microsystems, Inc., 8 June 2004. IEEE
Policy 2004 Workshop. Available at http://research.sun.com/projects/xacml/Policy2004.pdf.
- Using uml to visualize role-based access control constraints, by Indrakshi Ray, Na Li, Robert France, Dae-Kyoo Kim; 2-4 June 2004; Symposium on Access Control Models and Technologies; Proceedings of the ninth ACM symposium on Access control models and technologies, Yorktown Heights, New York, USA. Available at: http://www.cs.colostate.edu/~iray/research/sacmat04.pdf.
- Interactive Protocol Visualization (and a WSPL Case
Study), by Sean Cannella, 7 May 2004; Brown University.
Available at http://www.cs.brown.edu/people/scannell/wsplv/ipvis.pdf.
- LionShare Security Model, by Derek Morr; May 2004 Internet2 Member Meeting,
19-21 April, Arlington, VA. Available at http://lionshare.its.psu.edu/main/info/docspresentation/ls_sec_i2.pdf.
- X.509 Proxy Certificates for dynamic delegation, by
Von Welch, et al., 3rd Annual PKI R&D Workshop, Gaithersburg,
MD, USA, 12-14 April 2004. Abstract available at http://www.globus.org/alliance/publications/papers/pki04-welch-proxy-cert-final.pdf.
- RSVP policy control using XACML, by E. Toktar,
E. Jamhour, and G. Maziero, Policies for Distributed Systems
and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE
International Workshop on, 7-9 June 2004, Pages: 87-96.
Slides available at http://www.policy-workshop.org/2004/slides/Toktar-RSVPPolicyControlUsingXACML.ppt.
Paper available through http://csdl.computer.org/comp/proceedings/policy/2004/2141/00/21410087abs.htm.
- Who's Master of Your Domain? Web services security in an unfriendly world, by Rickland Hollar, SOA Web Services Journal, 4 June 2004. Available: http://webservices.sys-con.com/read/45097.htm.
- XACML and Federated Identity, by Hal Lockhart, BEA
Systems, NASA Scientific and Engineering Workstation
Procurement (SEWP) Security Symposium, 1 June 2004.
Available at http://lists.oasis-open.org/archives/xacml/200406/ppt00000.ppt.
- Access management for distributed systems: Role-based
cascaded delegation, by Roberto Tamassia, Danfeng Yao,
William H. Winsborough. June 2004. Proceedings of the ninth
ACM symposium on Access control models and technologies
(SACMAT). Available at: http://www.cs.brown.edu/people/dyao/sacmat2004.ppt.
- Role-Based Access Control (RBAC) Role Engineering Process,
Version 3.0, developed for The Healthcare RBAC Task Force
by SAIC, 11 May 2004. Available at http://www.va.gov/RBAC/docs/HealthcareRBACTFRoleEngineeringProcessv3.0.pdf.
- CCOW Healthcare Implementation Using OASIS Standards,
by Ed Coyne, Veterans Health Administration, 28-29 April
2004. VHA Health Information Architecture. Available at http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt.
- Exploring a Multi-Faceted Framework for SOC: How to
develop secure web-service interactions?, by Kees Leune,
Willem-Jan van den Heuvel, Mike Papazoglou, Tilburg University, Infolab, The Netherlands. Proceedings of RIDE'04, IEEE Press, March 2004.
Extended abstract available at http://infolab.uvt.nl/pub/leunek-2004-47.pdf. Full article: http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/ride/2004/2095/00/2095toc.xml&DOI=10.1109/RIDE.2004.1281703.
- Access Control in a Distributed Decentralized Network: An
XML Approach to Network Security using XACML and SAML, by
Paul J. Mazzuca, Dartmouth College TR2004-506, Spring 2004.
Available at ftp://ftp.cs.dartmouth.edu/TR/TR2004-506.pdf
- Introduction To XACML, by Phil Griffin, 19 Feb 2004. Available at http://dev2dev.bea.com/pub/a/2004/02/xacml.html
- WSPL: an XACML-based Web Services Policy Language, by
Anne Anderson, Sun Microsystems, Inc., 27 January 2004.
Available at http://research.sun.com/projects/xacml/wspl_intro.pdf.
- Cardea: Requirements, Authorization Model, Standards and Approach, by Rebekah Lepro Metz, Globus World Security Workshop January 23, 2004. Available at http://grid.ncsa.uiuc.edu/gw04-security/GW04-SecWkshp-cardea.ppt.
- Design Document: SweGrid Accounting System Security
Design, by Thomas Sandholm and Olle Mulmo, 22 January
2004. Available at http://www.pdc.kth.se/grid/sgas/docs/SGAS-SEC-DD-0.1.pdf.
- XML Web Services and Security, by Bob Daly. Date
uncertain. Available at http://www.sims.berkeley.edu/~bdaly/cde/security/WebServicesSecurityIS219.html.
- SHEMP: Secure Hardware Enhanced MyProxy, by John Marchesini and Sean Smith, Technical Report TR2005-532, Dept. of Computer Science, Dartmouth College. 2005. Available at http://www.ists.dartmouth.edu/library/TR2005-532.pdf.
- Modeling Delegation of Rights in a simplified XACML with
Haskell, by Frank Siebenlist, Argonne Nat. Labs/Global
Grid Forum, 18 Nov 2003. Available at http://www-unix.mcs.anl.gov/~franks/haskell/XacmlDelegationHaskell0.html.
- An XACML-based Policy Management and Authorization Service
for Globus Resources, by Markus Lorch, Dennis Kafura,
Sumit Shah, Virginia Tech, Fourth International Workshop on
Grid Computing, Phoenix, AZ, 17 Nov 2003. Available at http://csdl.computer.org/comp/proceedings/grid/2003/2026/00/20260208abs.htm.
- The PRIMA System for Privilege Management, Authorization
and Enforcement in Grid Environments, by M. Lorch, et
al., 4th Int. Workshop on Grid Computing - Grid 2003, 17
November 2003. Available at http://zuni.cs.vt.edu/publications/PRIMA-2003.pdf.
- Certificate-based authorization policy in a PKI
environment, by Mary R. Thompson, Abdelilah Essiari,
Srilekha Mudumbai. ACM Transactions on Information and
System Security (TISSEC), Volume 6 Issue 4. November 2003.
Available at dsd.lbl.gov/security/Akenti/Papers/ACMTISSEC.pdf.
- Cardea: Dynamic Access Control in Distributed Systems, by Rebekah Lepro, NASA Advanced Supercomputing (NAS) Division, NASA Ames Research Center, NAS Technical Report NAS-03-020, November 2003. Available at http://www.nas.nasa.gov/News/Techreports/2003/PDF/nas-03-020.pdf.
- First Experiences Using XACML for Access Control in
Distributed Systems, by Markus Lorch, Seth
Proctor, Rebekah Lepro, Dennis Kafura and Sumit Shah.
Presented at the ACM Workshop on XML Security 31 October
2003, Fairfax, VA, USA. Slides available at http://zuni.cs.vt.edu/publications/xml-security-xacml-experiences-presentation.pdf.
- Grid security: requirements, plans and ongoing efforts, by Frank Siebenlist, Invited talk at the ACM Workshop on XML Security 31 October
2003, Fairfax, VA, USA. Slides available at:
- XML security: Certificate validation service using XKMS
for computational grid, by Namje Park, Kiyoung Moon,
Sungwon Sohn. 31 October 2003. Proceedings of the 2003 ACM
workshop on XML security. Available through http://cftest.acm.org/portal/citation.cfm?id=968577.
- Policy Management for OGSA Applications as Grid Services
(Work in Progress), by Lavanya Ramakrishnan, MCNC-RDI
Research and Development Institute. 8 Oct 2003. Available at http://www-unix.mcs.anl.gov/~keahey/DBGS/DBGS_files/dbgs_papers/ramakrishnan.pdf.
- Access control: An access control framework for business
processes for web services, by Hristo Koshutanski, Fabio
Massacci. 31 October 2003. Proceedings of the 2003 ACM
workshop on XML security. Available at: http://www.unitn.it/convegni/download/icsoc03/doctoral/2_Koshutanski.pdf.
- Enterprise Privacy Authorization Language (EPAL),
Matthias Schunter, ed., IBM Research Report. 1 October
2003. Available at http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/.
- The Formal Semantics of XACML, by Polar Humenn, Syracuse
University, Oct 2003. Available at http://lists.oasis-open.org/archives/xacml/200310/pdf00000.pdf.
- ebxmlrr 2.1-final1 open source freebXML Registry, 16 September
2003. Available at http://www.freebxml.org/ebxmlrr_final.htm.
- Virtual enterprise access control requirements, by
M. Coetzee, J. H. P. Eloff. September 2003. Proceedings of
the 2003 annual research conference of the South African
institute of computer scientists and information
technologists on Enablement through technology. Available
- Web Services Security, by
Mark O'Neill with Phillip Hallam-Baker, Sean Mac Cann, Mike
Shema, Ed Simon, Paul A. Watters and Andrew White, Pages:
312, Publisher: McGraw-Hill Professional, ISBN: 0072224711.
Contains a chapter on XACML. Review available at http://www.net-security.org/review.php?id=89.
- XACML J2SE[TM] Platform Policy Profile, by Anne
Anderson, Sun Microsystems, Inc. 21 July 2003. Available at
- XACML: a new standard protects content in the enterprise data
exchange, XMLMania, 7 July 2003. Available at http://www.xmlmania.com/documents_article_8.php.
- An Introduction to XACML, by Michael Armstrong, SANS
Institute, 29 June 2003. Available at http://www.giac.org/practical/GSEC/Michael_Armstrong_GSEC.pdf.
- XACML: A New Standard Protects Content in Enterprise Data
Exchange, Java.Sun.Com technical article, 24 June 2003.
Available at http://java.sun.com/developer/technicalArticles/Security/xacml/xacml.html.
- XACML, Quickstudy by Russell Kay, Computerworld, 19
May 2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81295,00.html.
- Sun XACML 1.0 Implementation Provides Attribute Management
Techniques, Paragon Pinnacles, 19 May 2003, Article#9821,
Volume 63, Issue 3. Available at http://newsletter.paragon-systems.com/articles/63/3/feature/9821.
- An XACML Glossary, by Russell Kay, Computerworld, 19 May
2003. Available at http://www.computerworld.com/developmenttopics/development/story/0,10801,81294,00.html.
- Securing Web Services for Use as Enterprise-Class Business
Systems, an AmberPoint Whitepaper, May 2003. Available
- Digital rights management and fair use by design: Fair
use, DRM, and trusted computing, by John S. Erickson.
April 2003. Communications of the ACM, Volume 46 Issue 4.
Available through portal.acm.org/citation.cfm?id=641205.641226.
- Multimedia and visualization: Self-manifestation of
composite multimedia objects to satisfy security
constraints, by Vijayalakshmi Atluri, Nabil Adam, Ahmed
Gomaa, Igg Adiwijaya. March 2003. Proceedings of the 2003
ACM symposium on Applied computing. Available at http://cftest.acm.org/portal/citation.cfm?id=952715.
- XACML -- A No-Nonsense Developer's Guide, by Vance
McCarthy, Enterprise Developer News, 24 Feb 2003.
Available at http://www.idevnews.com/TipsTricks.asp?ID=57.
- XACML Will Help Enterprises In Three Areas, by Ray
Wagner, Gartner, 21 February 2003. Available at http://www3.gartner.com/resources/113300/113307/113307.pdf.
- Getting Started with XML Security: Authorization Rules:
XML Access Control Markup Language (XACML), tutorial,
SitePoint, date uncertain. Available at http://www.sitepoint.com/article/933/8.
- Constrained delegation in XML-based Access Control and
Digital Rights Management Standards, by Guillermo Navarro
(Universitat Autonoma de Barcelona), Babak Sadighi Firozabadi
(Swedish Institute of Computer Science), Erik Rissanen
(Swedish Institute of Computer Science), Joan Borrell
(Universitat Autonoma de Barcelona). Available at http://ccd.uab.es/~guille/var/ny2003.pdf.
- Authorization Center Project (authZ), CMU. 2003. Available
This list includes open standards that reference XACML.
This list includes products and deployments that make
substantial use of XACML and that have been announced publicly.
Readers should keep in mind that this is an incomplete list of
XACML deployments. For security reasons, enterprises are
frequently unwilling to publicize the security mechanisms they
use internally, and many deployments of XACML fall into this
category. In other cases, XACML is used internal to products,
but is not exposed, and the vendor has chosen not to disclose
this internal use.
- Astrogrid, MeshFire plug-and-play grid firewall security appliance: http://news.astrogrid.org/article.php?story=20020927141937774
- BEA, products WebLogic Server, WebLogic Portal and WebLogic Integration, collectively known as the WebLogic Platform: http://lists.oasis-open.org/archives/xacml-users/200509/msg00012.html, http://e-docs.bea.com/wls/docs91/secmanage/providers.html
- BRT, Inc., product Criminal Justice Policy Dashboard (CJPD): http://www.beamreachtech.com/
- Cape Clear, Enterprise Service Bus: http://www.capeclear.com/download/kits/cc6/Quick_Start.pdf
- Children's Hospital, Boston, Personal Internetworked Notary and Guardian: http://www.ping.chip.org/Downloads/api/org/chip/ping/xacml/package-summary.html
- Computer Associates, eTrust Identity and Access Management Suite: http://investor.ca.com/phoenix.zhtml?c=83100&p=irol-newsArticle&ID=674422&highlight=
- DataPower, XS40 XML Security Gateway: http://www.xsljit.com/newsroom/pr_091603_MQ.html and http://www.webservices.org/index.php/ws/content/view/full/5022 integrated with IBM WebSphere MQ
- ELENA Project, Smart Spaces for Learning™: http://www.elena-project.org/images/other/index.html
- eMayor, e-government platform: http://www.innovations-report.de/html/berichte/informationstechnologie/bericht-56918.html
- Entrust, GetAccess identity and access management, and 2 other products: http://www.entrust.com/resources/standards/xacml.htm and http://www.entrust.com/events/getaccess70.htm
- Exigen Group, SSO, naming and identity services, access control, data filtering: http://lotos.site.uottawa.ca/ncac05/studnev_18500106.ppt
- The Fedora Project, An Open-Source Digital Repository Management System: http://www.fedora.info/
- OASIS ebXML Standard Reference Implementation, Electronic Business Registry/Repository: http://ebxmlrr.sourceforge.net. XACML is used for access control internally, so freebXML adopters are also XACML adopters. A list of ebXML Reference Implementation adoptions is available at http://ebxmlrr.sourceforge.net/aboutFAQ/About_freebXML_Registry.html#Deployments
- Globus ToolKit, XACML PDP for grid applications: http://www-unix.globus.org/toolkit/
- IBM, WebSphere, via Entrust Enhanced Web Security and Web Access Control Solutions: http://www-306.ibm.com/software/info1/websphere/index.jsp?tab=solutions/entrust&S_TACT=103BHW06&S_CMP=campaign and WebSphere Studio via DataPower XS40 integration: http://www.webservices.org/index.php/ws/content/view/full/5022
- Internet2, http://lionshare.its.psu.edu/main/info/docspresentation/ls_sec_i2.pdf
- Jericho Systems, EnterSpace Security Suite: http://www.jerichosystems.com/Products_Services/ESS/index.html and http://www.jerichosystems.com/Company/index.html
- Layer 7 Technologies, SecureSpan Manager policy manager: http://www.layer7tech.com/products/manager.html.
- NASA Information Power Grid, Cardea dynamic authorization system: http://www.nas.nasa.gov/News/Techreports/2003/PDF/nas-03-020.pdf.
- Net-Centric Enterprise Services (NCES), U.S. Defense Information Systems Agency, draft security architecture, 1 March 2004: http://horizontalfusion.dtic.mil/docs/specs/20040310_NCES_Security_Arc.pdf
- Net-Centric Enterprise Solutions for Interoperability (NESI), (collaborative activity between the USN PEO for C4I and Space and the USAF Electronic Systems Center) recommendation, 2005: http://nesipublic.spawar.navy.mil/files/Part04v1.0.2.doc
- Okiok, Global Trust identity and access management product: http://www.okiok.com/index.jsp?page=Global+Trust
- Parthenon Computing, Parthenon XACML Evaluation Engine, Parthenon XACML Policy Suite: http://blog.parthenoncomputing.com/xacml/ and http://www.parthenoncomputing.com/team.html
- PSS Systems, PSS1 Document Policy Compliance Solution: http://www.drmwatch.com/drmtech/print.php/3104341
- Office of the Secretary of Defense, Personnel & Readiness, U.S. Government, The Defense Readiness Reporting System (DRRS), System Architecture: http://drrs.org/files/DRRSSystemArchitectureWorkingDraft.pdf
- SeRIF, Secure remote invocation framework, part of UMich CITI Network Testing and Performance Project: http://www.citi.umich.edu/projects/ntap/ntap3-pres/ntap3-mgrid.pdf
- Starbourne: http://lists.xml.org/archives/xml-dev/200409/msg00117.html
- Sun Microsystems, Sun Service Registry: http://www.sun.com/products/soa/registry/
- Sun XACML Open Source, XACML PDP implementation: http://sunxacml.sourceforge.net/
- UMU-XACML Editor, XACML policy editor: http://xacml.dif.um.es/
- U.K. Department of Trade and Industry, Generic Infrastructure for Medical Informatics: http://lotos.site.uottawa.ca/ncac05/E00-1489285807.pdf.
- U.S. Veterans Health Administration (VHA), next generation access control system: http://www.va.gov/rbac/docs/VHA_OASIS_CCOW_Briefing.ppt
- WSE Authorization Handler Framework, A WS-Policy configurable callout for making (and enforcing) web service access control decisions: http://www.cs.virginia.edu/~dad3e/authzhandler/
- XACML.NET, XACML PDP implementation with GUI: http://mvpos.sourceforge.net/xacml.htm
- Xtradyne, WS-DBC XML Firewall: http://www.xtradyne.com/documents/datasheets/Xtradyne_WS-DBC_ProductDataSheet.pdf.
There is no official registry for XACML Attributes. This list
includes links to specifications that define XACML Attributes.
Inclusion in this list does not imply any status as standards for
- OASIS XACML TC: general-purpose Attributes. Defined in
XACML 2.0 Core: eXtensible Access Control Markup Language
(XACML) Version 2.0, Appendix B, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
- OASIS XACML TC: role based access control policy Attributes.
Defined in Core and hierarchical role based access control
(RBAC) profile of XACML v2.0, Section 6,
- OASIS XACML TC: hierarchical resource Attributes. Defined in Hierarchical resource profile of XACML v2.0, Section 6, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf.
- OASIS XACML TC: multiple resource scope Attributes. Defined in Multiple resource profile of XACML v2.0, Section 4, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-mult-profile-spec-os.pdf.