XACML and the Cloud

What is XACML?








XML language for access control
Coarse or fine-grained
Extremely powerful evaluation logic
Ability to use any available information
Superset of Permissions, ACLs, RBAC, etc
Scales from PDA to Internet
Federated policy administration
OASIS and ITU-T Standard
XACML Cloud Features

Powerful language features


Federated Administration



Combining algorithms resolve conflicts
Administrative Policies


Capture complex business relationships
Policies managed by providers, customers, end users
Global identifiers prevent name conflicts
Domain-specific Profiles

Healthcare, Intellectual property, Privacy
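
The "Combining algorithms resolve conflicts" point, shown for the federated case where provider, customer and end-user policies disagree on one request. This is an added example, not part of the original slides; it follows the deny-overrides and permit-overrides pseudocode in Appendix C of the XACML 3.0 specification, and the policy owners and their decisions are constructed sample data.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    NA = "NotApplicable"
    IND_D = "Indeterminate{D}"    # error in a policy that could only have denied
    IND_P = "Indeterminate{P}"    # error in a policy that could only have permitted
    IND_DP = "Indeterminate{DP}"  # error in a policy that could have gone either way

def _overrides(decisions, winner, loser, ind_win, ind_lose):
    """Combine child decisions so that `winner` beats everything else.

    An error that might have produced `winner` is never masked by `loser`:
    the combined result stays Indeterminate instead.
    """
    seen = set(decisions)
    if winner in seen:
        return winner
    if Decision.IND_DP in seen:
        return Decision.IND_DP
    if ind_win in seen and (ind_lose in seen or loser in seen):
        return Decision.IND_DP
    if ind_win in seen:
        return ind_win
    if loser in seen:
        return loser
    if ind_lose in seen:
        return ind_lose
    return Decision.NA

def deny_overrides(decisions):
    return _overrides(decisions, Decision.DENY, Decision.PERMIT,
                      Decision.IND_D, Decision.IND_P)

def permit_overrides(decisions):
    return _overrides(decisions, Decision.PERMIT, Decision.DENY,
                      Decision.IND_P, Decision.IND_D)

# Constructed sample: one request evaluated by three separately administered policies.
SAMPLE = {"provider": Decision.PERMIT,
          "customer": Decision.DENY,
          "end_user": Decision.NA}

if __name__ == "__main__":
    print("deny-overrides  :", deny_overrides(SAMPLE.values()).value)
    print("permit-overrides:", permit_overrides(SAMPLE.values()).value)
```

With deny-overrides, a Permit combined with an errored deny-capable policy yields Indeterminate{DP} rather than Permit, so the enforcement point has to decide explicitly how to treat the failure.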
XACML Enables Efficient
Cloud Implementations


Stateless Server
Choice of embedded or server-based PDP


Max performance or Access Control Service
Specification permits optimizations



Order of evaluation
Caching of Attributes
Caching of decisions or partial evaluations