Dan Connolly's tinkering lab notebook

a fly-by of XACML

Somebody listed SAML+XACML as an access control model, and I asked for a summary, as contrasted with the unix user/group/world model. The summary was, XACML is an access control rules language; you can write rules about access and credentials. So I'm taking a look at XACML

ugh... urn:oasis:names:tc:xacml:2.0:policy

xacml TC in OASIS

XACML 2.0 spec (PDF)

section 3.3 Policy language model looks nice... it's a UML diagram; pretty straightforwardly translated to OWL

reading the XACML spec... typical XML-base spec... table of contents enumerates the syntactic elements. semantics isn't visible from TOC

ah... semantics is found in section 7. Functional requirements