XML standard set for secure Web services

The Organization for the Advancement of Structured Information Standards (OASIS) today announced that its interoperability consortium has approved the Extensible Access Control Markup Language (XACML) as an OASIS open standard.

XACML, a variant of Extensible Markup Language, allows Web developers to enforce policies for information access over the Internet.

Its adoption as an OASIS standard means that agencies can implement it with the confidence that it will become widely used. As an open standard, no single vendor owns it and all developers can use it.

The standard is designed for use in authorizing which individuals should have access to information, said Carlisle Adams of Entrust Inc., co-chairman of the OASIS XACML Technical Committee, in a statement. Authorization procedures developed based on XACML can be applied to all products that support the standard, regardless of which vendor makes them, allowing for organizationwide uniform enforcement.

Agencies are interested in such standards because the needs of homeland security, electronic government and other initiatives are pushing agencies to share information while keeping it secure, said Jim Flyzik, a consultant and the newly appointed chairman of the Information Technology Association of America's Homeland Security Task Group.

"It is something we've talked about for quite some time," he said. "There's always an interest in standardization, and XML is going to be a key technology for making systems interoperate."

OASIS, founded in 1993, has developed other open standards as well, all focused on data security. The organization has more than 2,000 participants, representing more than 600 organizations.

Federal members include the Defense Information Systems Agency, the State Department, and the National Institute of Standards and Technology.

Several companies that are part of the XACML Technical Committee, including IBM Corp., Entrust, OpenNetwork Technologies Inc., Quadrasis Inc., Sterling Commerce Inc. and Sun Microsystems Inc., developed the XACML standard.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.