# XACML

> standard language for evaluating access requests according to rules defined in attribute-based access control policies

**Wikidata**: [Q288682](https://www.wikidata.org/wiki/Q288682)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/XACML)  
**Source**: https://4ort.xyz/entity/xacml

## Summary
XACML (Extensible Access Control Markup Language) is a standard language designed for evaluating access requests based on rules defined in attribute-based access control policies. Developed by OASIS, it functions as a domain-specific programming language utilizing a declarative paradigm to manage authorization.

## Key Facts
*   **Full Name:** Extensible Access Control Markup Language
*   **Developer:** OASIS
*   **Designer:** Simon Blackwell
*   **Primary Function:** Standard language for evaluating access requests according to attribute-based access control policies.
*   **Classification:** Identified as a domain-specific language, a programming language, and an XML Schema.
*   **Programming Paradigm:** Declarative programming and semi-structured data.
*   **Derivative Works:** GeoXACML and the Abbreviated Language For Authorization.
*   **Official Website:** https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

## FAQs
### Q: What does XACML stand for?
A: XACML stands for Extensible Access Control Markup Language. It serves as a standard for defining access control policies.

### Q: What programming paradigm does XACML use?
A: XACML is based on a declarative programming paradigm and handles semi-structured data. It is considered a domain-specific language rather than a general-purpose programming language.

### Q: Who developed and designed XACML?
A: The standard was developed by the standards organization OASIS and is credited to designer Simon Blackwell.

### Q: Are there any languages derived from XACML?
A: Yes, known derivative works include GeoXACML (for geospatial data) and the Abbreviated Language For Authorization.

## Why It Matters
XACML plays a critical role in the field of information security by providing a standardized, vendor-neutral method for managing authorization. As applications and systems became more complex, the need for a granular, attribute-based access control (ABAC) system superseded simpler role-based models. XACML addresses this by offering a formal language, defined by an XML Schema, for policies that evaluate specific attributes of a user, action, or resource before granting access.

Its significance lies in its flexibility and standardization; by using a declarative approach, it separates the logic of access control from the application code. This allows organizations to enforce consistent security policies across diverse platforms and systems without rewriting application logic. The existence of derivatives like GeoXACML further demonstrates its extensibility and adaptability to specialized sectors such as geospatial data management.

## Notable For
*   **Standardized Authorization:** Being the standard language specifically for attribute-based access control (ABAC) policies.
*   **Declarative Nature:** Utilizing a declarative programming paradigm, which describes the *what* (policies) rather than the *how* (control flow).
*   **Extensibility:** Serving as the foundation for specialized derivatives like GeoXACML.
*   **OASIS Endorsement:** Being an official standard maintained by the open standards consortium OASIS.

## Body
### Definition and Purpose
XACML is a standard language used for evaluating access requests according to rules defined in attribute-based access control policies. It is technically classified as an XML Schema and a domain-specific language. The primary function of XACML is to provide a structured format for expressing authorization policies, determining whether a subject is allowed to perform an action on a specific resource based on defined attributes.

### Development and Classification
The standard is developed by OASIS (Organization for the Advancement of Structured Information Standards) and was designed by Simon Blackwell. Within the hierarchy of computing languages, XACML is categorized as:
*   A **Programming Language**: A language for communicating instructions to a machine (specifically regarding access decisions).
*   A **Domain-Specific Language**: Tailored specifically for access control rather than general computation.
*   **Semi-structured Data**: Utilizing a format like XML that does not require a rigid schema but provides hierarchical structure.

### Programming Paradigm
XACML operates using a **declarative programming** paradigm. Unlike imperative programming, which uses statements to change state, declarative programming expresses the logic of a computation without describing its control flow. In the context of XACML, this means administrators define the rules and conditions for access (the policy) rather than the step-by-step process of checking those rules.
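The following added example (not from the original entry or from OASIS) shows this separation: a constructed XACML 3.0-style policy states only the rules, and a small generic evaluator decides requests against it. It covers a simplified subset (rule targets with string-equal matches and the deny-overrides combining algorithm, no conditions, obligations or Indeterminate results); the `urn:example:*` identifiers are hypothetical.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RES = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
STR = "http://www.w3.org/2001/XMLSchema#string"

# Constructed policy: doctors may read records; sealed records are denied to everyone.
POLICY = f"""<Policy xmlns="{XACML}" PolicyId="urn:example:records" Version="1.0"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="doctors-read" Effect="Permit"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">doctor</AttributeValue>
      <AttributeDesignator Category="{SUBJ}" AttributeId="urn:example:role" DataType="{STR}" MustBePresent="false"/></Match>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">read</AttributeValue>
      <AttributeDesignator Category="{ACT}" AttributeId="{ACTION_ID}" DataType="{STR}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
  <Rule RuleId="no-sealed" Effect="Deny"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{STR}">sealed</AttributeValue>
      <AttributeDesignator Category="{RES}" AttributeId="urn:example:status" DataType="{STR}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
</Policy>"""

def match_ok(match, request):
    # request maps (category, attribute id) -> bag (list) of string values
    want = match.find("x:AttributeValue", NS).text
    d = match.find("x:AttributeDesignator", NS)
    return want in request.get((d.get("Category"), d.get("AttributeId")), [])

def target_matches(target, request):
    # Target = AND of AnyOf; AnyOf = OR of AllOf; AllOf = AND of Match. Empty target matches all.
    if target is None:
        return True
    return all(any(all(match_ok(m, request) for m in all_of.findall("x:Match", NS))
                   for all_of in any_of.findall("x:AllOf", NS))
               for any_of in target.findall("x:AnyOf", NS))

def evaluate(policy_xml, request):
    policy = ET.fromstring(policy_xml)  # the policy is trusted input in this example
    if not target_matches(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = {r.get("Effect") for r in policy.findall("x:Rule", NS)
               if target_matches(r.find("x:Target", NS), request)}
    # deny-overrides: any applicable Deny wins, then Permit, else NotApplicable
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
```

An enforcement point calling `evaluate` should treat any result other than `Permit` as a denial, so that a request no rule covers is not allowed by default.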

### Related Languages and Derivatives
XACML is related to the following languages:
*   **Abbreviated Language For Authorization**: A pseudocode language used in the formulation of access-control policies, related to XACML.
*   **GeoXACML**: A known derivative work of XACML, likely extending the standard for geospatial authorization use cases.
