XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!


XACML is the OASIS standard language for the specification of authorization and entitlement policies. However, while XACML well addresses security requirements of a single enterprise (even if large and composed by multiple departments), it does not address the requirements of virtual enterprises built through collaboration of several autonomous subjects sharing their resources. In this paper we highlight such limitations and we propose an XACML extension, the policy integration algorithm, to address them. In the paper we also discuss in which respect the process of comparing two XACML policies differs from the process used to compare other business rules.


content distributed networks, security, protection, integration, standardizaton, xacml, web services

Date of this Version



SACMAT '06 Proceedings of the eleventh ACM symposium on Access control models and technologies