First Experiences Using XACML for Access Control in Distributed Systems
Proceedings of the 2003 ACM workshop on XML security (XMLSEC '03)
Seth Proctor (Sun Microsystems Laboratories), Rebekah Lepro (NASA Ames Research Center), Markus Lorch, Dennis Kafura, Sumit Shah (Virginia Tech)

Summary:
One of the key aspects of any security system is authorization. Authorization, or access control, is usually based on predefined policies that define the conditions under which a given action is allowed. When each application or environment expresses policy in its own way, the system as a whole becomes hard to scale, distribute and manage, and serious problems arise when systems in different trust domains need to work together. The eXtensible Access Control Markup Language (XACML) addresses these problems with a general-purpose policy language designed specifically to scale and to support decentralized management. XACML is a specification for expressing and managing policies in XML for information access over the Internet. This paper discusses how XACML is expected to simplify and streamline enterprise access control and how authorization can be deployed in distributed, decentralized and heterogeneous systems. XACML has two main entities, the PEP (Policy Enforcement Point) and the PDP (Policy Decision Point). It also provides a framework for access requests and responses and a standard interface for querying the PDP. XACML supports a rich set of extensible data types and functions. It has a unique feature, policy combining rules and mechanisms, which is not found in any other access control language. Sun Microsystems and OASIS (Organization for the Advancement of Structured Information Standards) are actively working toward making XACML a standard for the creation and management of access control policies.
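To make the PEP/PDP split and the rule-combining feature from the summary concrete, here is a toy PDP modelled on the XACML 1.x deny-overrides and permit-overrides rule-combining algorithms. This is an added illustration, not code from the paper or from Sun's implementation; the attribute ids, the sample policy and the use of plain lambdas in place of XML targets are all constructed for the example.

```python
"""Toy XACML 1.x-style PDP: rules evaluated under a combining algorithm (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"
Request = Dict[str, str]  # attribute-id -> value, as the PEP sends it to the PDP

@dataclass
class Rule:
    effect: str                        # the rule's <Effect>: PERMIT or DENY
    target: Callable[[Request], bool]  # stands in for the rule's <Target>/<Condition>

    def evaluate(self, req: Request) -> str:
        try:
            return self.effect if self.target(req) else NOT_APPLICABLE
        except KeyError:  # a required attribute is absent from the request
            return INDETERMINATE

def combine(rules: List[Rule], req: Request, winner: str) -> str:
    """winner=DENY models deny-overrides, winner=PERMIT models permit-overrides."""
    loser = PERMIT if winner == DENY else DENY
    error = potential_winner = any_loser = False
    for rule in rules:
        d = rule.evaluate(req)
        if d == winner:
            return winner  # a single winning rule settles the decision
        if d == loser:
            any_loser = True
        elif d == INDETERMINATE:
            error = True
            potential_winner |= rule.effect == winner
    if potential_winner:
        # Fail closed: an erroring Deny rule yields Deny under deny-overrides,
        # but an erroring Permit rule yields only Indeterminate, never Permit.
        return DENY if winner == DENY else INDETERMINATE
    if any_loser:
        return loser
    return INDETERMINATE if error else NOT_APPLICABLE

# Constructed sample policy (hypothetical attribute ids): doctors may read
# records, but any subject whose status is "blocked" is denied.
POLICY = [
    Rule(PERMIT, lambda r: r["subject:role"] == "doctor" and r["action"] == "read"),
    Rule(DENY, lambda r: r["subject:status"] == "blocked"),
]
```

The same request can yield Deny under deny-overrides and Permit under permit-overrides, which is why the choice of combining algorithm is itself a security decision when policies from different domains are merged.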
The original XACML implementation, developed at Sun Microsystems, Internet Security Group (ISRG), is also available and completely supports the XACML 1.1 specification.

Pros:
+ Contains a rich and easily extendable set of data types and functions for defining policies
+ A policy can include references to other policies and rules managed by a different administrative domain
+ Also supports the combination of multiple policies, with a combining algorithm to derive a single result
+ Policy attributes can be obtained either from the request or from other attribute systems
+ One policy can be applied to heterogeneous resources across administrative domains
+ It can easily be integrated with SAML, SOAP and X.509, and thus provides higher interoperability with distributed heterogeneous systems

Cons:
- It is not a new idea; this concept of access control already exists.
- The paper has no performance measures and should have provided some comparison with other XML-based authorization systems.
- XACML doesn't provide a protocol for communication between PEP and PDP, so it has to use SAML, SAML over SOAP, SOAP, or the Common Open Policy Service (COPS) as the protocol between PEP and PDP.
- Similarly, the PEP and an online PDP have to support these protocols.
- The PEP is a single point of failure and vulnerable to DoS attacks.
- What if an adversary intercepts messages or masquerades as the PDP for an authorization request and then replies with a fake response?
- The paper doesn't discuss any performance issues or overheads of an XACML-based solution.
- Yes, it is a standard way to represent policies, but it is difficult and complex to create policies using the XACML syntax; with so many things in the specification, even writing a trivial policy is hard.
- In order to read this paper, you need a good understanding of XACML; otherwise you will not be able to make sense of it.

Discussion Questions:
- Are there other applications of XACML, or other domains where it can be applied or is suitable?
- What about its application in an OS, specifically in a file system?
- What about its use in a ubiquitous computing environment?
- For which types of application will it not work?
- What do you think about the following issues and how to handle them?
  - The PEP is a single point of failure
  - DoS attacks on the PEP
  - Distribution and replication of the PEP for fault tolerance
- What types of performance measures would be useful to analyze an XACML-based solution?
- What do you think about the ease of writing policies?
- What other features do you think should be there, or should be added to XACML?
- In the end, are you convinced that XACML fulfills the claims that are made for it?
- Do you think it will be able to meet the demands of industry, and will it become an industry standard?

Vote: Strong Accept: 0, Weak Accept: 6, Weak Reject: 1, Strong Reject: 1