XACML is an OASIS specification for expressing policies in XML for information access over the Internet. Sun Microsystems's implementation, developed within the company's Internet Security Research Group, is intended to enable use of the language in applications ranging from file servers to Web services and directories, according to Steve Hanna, senior staff engineer in Sun Labs, in Burlington, Mass.
"Anything that needs access control can adopt XACML as [its] access control policy language," Hanna said.
XACML is intended to replace proprietary access control mechanisms, Hanna said. The problem has been that every vendor has had its own custom way to specify access control, he said. "That's a nightmare from an administrative standpoint," said Hanna.
Sun's XACML code can be integrated into products such as a file server or a Web services toolkit free of charge, he said. The company hopes to generate revenue off of XACML by including it in policy-driven computing initiatives such as Sun's N1 plan, Hanna said.
"With N1, we aim to automate and virtualize the management of the datacenter, and in order to do that it's beneficial to have a common policy language across all the servers that are running in the datacenter," Hanna said.
Hardware and software vendors would need to include XACML support in their products, he said.
Sun's XACML code is available for download at: http://sunxacml.sourceforge.net.The OASIS XACML Technical Committee has had participation from vendors such as IBM, BEA Systems, and Entrust.