Yesterday, I wrote about SPML and a little about SAML. SAML is an XML-based language for exchanging assertions about identity. SPML is an XML-based language for interacting with identity provisioning systems. There's another important piece in the puzzle: a common format for access requests, policies, and responses. XACML provides just that.
XACML is the language of the Policy Decision Point, or PDP. The PDP is the chunk of code that receives access requests, checks to see whether they should be granted, and returns an appropriate response. The PDP is not necessarily the same as the place where credentials are stored. It merely needs access to that service, ideally via SPML. The PDP could be a module running in the local system or a remote system accessed over the Internet.
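To make the request/policy/response cycle concrete, here is an added example (not code from this post or from Sun's implementation): a toy Python PDP that parses a constructed XACML 2.0 policy and context request and returns the decision it would put in its response. It assumes only the string-equal match function, no Conditions, a single Subject/Resource per Target (all matches AND-ed), and the first-applicable rule-combining algorithm; the role attribute id is the one from the XACML RBAC profile.

```python
# Added example: a toy XACML-style PDP in Python, not the post's or Sun's code (assumptions in the lead-in).
import xml.etree.ElementTree as ET
XS = "http://www.w3.org/2001/XMLSchema#string"
POLICY_XML = f"""<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="payroll"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
 <Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
  <AttributeValue DataType="{XS}">/payroll</AttributeValue>
  <ResourceAttributeDesignator DataType="{XS}" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
 </ResourceMatch></Resource></Resources></Target>
 <Rule RuleId="hr-only" Effect="Permit"><Target><Subjects><Subject>
  <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
  <AttributeValue DataType="{XS}">hr</AttributeValue>
  <SubjectAttributeDesignator DataType="{XS}" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
 </SubjectMatch></Subject></Subjects></Target></Rule>
 <Rule RuleId="default-deny" Effect="Deny"/></Policy>"""
def request_xml(role, resource):  # constructed context Request: one subject role, one resource-id
    return f"""<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os">
 <Subject><Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="{XS}">
  <AttributeValue>{role}</AttributeValue></Attribute></Subject>
 <Resource><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="{XS}">
  <AttributeValue>{resource}</AttributeValue></Attribute></Resource><Action/></Request>"""

local = lambda tag: tag.rsplit("}", 1)[-1]                      # strip the XML namespace
child = lambda e, name: next((c for c in e if local(c.tag) == name), None)
def request_attrs(req_xml):                                     # -> {(category, AttributeId): set of values}
    attrs = {}
    for cat in ET.fromstring(req_xml):                          # Subject / Resource / Action
        for a in (c for c in cat if local(c.tag) == "Attribute"):
            key = (local(cat.tag), a.get("AttributeId"))
            attrs.setdefault(key, set()).update(v.text for v in a if local(v.tag) == "AttributeValue")
    return attrs

def target_matches(target, attrs):
    """Absent/empty Target matches everything; every *Match inside must hold (string-equal only)."""
    for m in ([] if target is None else target.iter()):
        if local(m.tag).endswith("Match"):                      # SubjectMatch / ResourceMatch / ActionMatch
            want, desig = m                                     # children: AttributeValue, *AttributeDesignator
            if want.text not in attrs.get((local(m.tag)[:-5], desig.get("AttributeId")), ()):
                return False
    return True

def decide(policy_xml, req_xml):
    """Decision the PDP would put in its Response: Permit, Deny or NotApplicable."""
    policy, attrs = ET.fromstring(policy_xml), request_attrs(req_xml)
    if not target_matches(child(policy, "Target"), attrs):
        return "NotApplicable"                                  # policy does not cover this request
    for rule in (r for r in policy if local(r.tag) == "Rule"):
        if target_matches(child(rule, "Target"), attrs):
            return rule.get("Effect")                           # first-applicable: first matching rule wins
    return "NotApplicable"
```

Note the three-way outcome: a request the policy's own Target does not cover yields NotApplicable rather than Deny, which is why real deployments pair a PDP with an explicit default-deny rule or a deny-biased enforcement point.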
There are a number of good resources you should look at on XACML:
- Sun Developer has an excellent article on XACML. Be sure to look at the code samples in the sidebar (the ones in the mainbar are not indented and difficult to read).
- The piece on sitepoint is one page of a long article on XML Security.
- Sun has released an open source implementation of the XACML standard. This SourceForge site has a lot of great information.
- I have to mention the official OASIS site on XACML since it's got all the foundational information, including the XACML standard in PDF.