Security specification gets OK'd

Martin LaMonica Former Staff writer, CNET News

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.

See full bio

Martin LaMonica

Feb. 18, 2003 11:38 a.m. PT

Standards group the Organization for the Advancement of Structured Information Standards (OASIS) announced Tuesday that it has ratified the Extensible Access Control Markup Language (XACML) as a standard, paving the way for its use in security products.

XACML is a specification that lets companies define security policies around Web services applications. With XACML-based security products, companies can spell out information access privileges for people. XACML is designed to work with another OASIS standard, Security Assertion Markup Language (SAML), which defines a common method for sharing authorization information between different security systems. The XACML specification was developed by Entrust, IBM, OpenNetwork, Quadrasis, Sterling Commerce, Sun Microsystems and other participants in OASIS.