Thursday, March 14, 2013

Open source XACML implementations

I am looking into using eXtensible Access Control Markup Language (XACML). XACML is an OASIS standard implementing Role-Based Access Control (RBAC). It captures RBAC policies and specifies a number of architectural entities that can be used for policy definition, control and enforcement.

There is a number of open-source implementations of XACML. A list of them is depicted below, they are all Java-based:

Name
Provider/Creator
Programing language
XACML version supported
Latest version

Last updated
Comments
Sun
Java
XACML 1.x and 2.0 (core features)
2.0
2004
Seems not to be updated any more
WSO2
Java
XACML  1.0, 2.0 and 3.0
1.0.0
2012
based on Sun's XACML Implementation
ppz...@gmail.com
Java

0.0.14
2009

herasaf
Java
XACML 2.0
1.0.0-M3
2012

N/A
Java (Axis2 WS)
XACML 2.0
N/A
N/A
implements PDP and PAP



4 comments:

  1. This list is real good. I too am looking for a new authz solution.

    I am testing with WSO2. Please keep us posted on your experiences with this.

    Thanks Georgia

    ReplyDelete
  2. HI Georgia, Thanks for your post. I guess, you need to update the Balana url. It must be http://svn.wso2.org/repos/wso2/trunk/commons/balana.

    ReplyDelete
  3. Another one: AuthzForce
    https://github.com/authzforce/core

    ReplyDelete