XACML and the Cloud

What is XACML?
- XML language for access control
- Coarse or fine-grained
- Extremely powerful evaluation logic
- Ability to use any available information
- Superset of Permissions, ACLs, RBAC, etc.
- Scales from PDA to Internet
- Federated policy administration
- OASIS and ITU-T Standard

XACML Cloud Features
- Powerful language features
- Federated Administration
- Combining algorithms resolve conflicts
- Administrative Policies
- Capture complex business relationships
- Policies managed by providers, customers, end users
- Global identifiers prevent name conflicts
- Domain-specific Profiles
  - Healthcare, Intellectual property, Privacy

XACML Enables Efficient Cloud Implementations
- Stateless Server
- Choice of embedded or server-based PDP
  - Max performance or Access Control Service
- Specification permits optimizations
  - Order of evaluation
  - Caching of Attributes
  - Caching of decisions or partial evaluations