An XACML Glossary

By Russell Kay

May 19, 2003 12:00 PM ET

Recommended

(7)

Digg

Twitter

Share/Email

Computerworld - Action: The type of access that is being requested (for example, read, write, create, delete, logged).
Attribute: A specific characteristic of a subject, resource, action or environment in which the access request is made. Attributes could include a user's name, workstation identity, security clearance, the file to which access is desired and the time of day.
Bag: An unordered collection of attributes, used for matching attributes to conditions. Bags may contain duplicate attributes or be empty.
Condition: A simple or complex Boolean function at the heart of a rule.
Effect: The result of an authorization: deny or permit.
Policy: A single access-control policy expressed through a set of rules.
Policy Set: A container of policies, including references to remote policies.
Resource: A device, data element or file for which access is requested.
Subject: The person or computer making a request.
Target: A set of simplified conditions for the subject, resource and action that must be met for a policy set, policy or rule to apply to a given request.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Development

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.