Modern Standard-Based Access Control in Network Services: XACML in Action

Access control in distributed systems is a complex problem that can be tackled in several ways. The XACML standard provides a possible solution, with several benefits and some drawbacks. In this paper the authors investigate the concepts behind distributed access control, review the XACML standard, and provide practical suggestions about the components to be used in building a XACML-based distributed access control system. Access control is the ability to permit or deny to a specific subject the use of a resource. In a general scenario the access control process is managed by an Authorization System (AS) that takes decisions according to some authorization policies.