1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this
Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview
6.1 Requirements
6.2 Rule and policy combining
6.3 Combining algorithms
6.4 Multiple subjects
6.5 Policies based on subject and
resource attributes
6.6 Multi-valued attributes
6.7 Policies based on resource
contents
6.8 Operators
6.9 Policy distribution
6.10 Policy indexing
6.11 Abstraction layer
6.12 Actions performed in conjunction
with enforcement
6.13 Supplemental information about a decision
7 XACML models
7.1 Data-flow model
7.2 XACML context
7.3 Policy language model
8 Syntax
8.1 Element <PolicySet>
8.2 Element <Description>
8.3 Element <PolicyIssuer>
8.4 Element <PolicySetDefaults>
8.5 Element <XPathVersion>
8.6 Element <Target>
8.7 Element <AnyOf>
8.8 Element <AllOf>
8.9 Element <Match>
8.10 Element <PolicySetIdReference>
8.11 Element <PolicyIdReference>
8.12 Simple type VersionType
8.13 Simple type VersionMatchType
8.14 Element <Policy>
8.15 Element <PolicyDefaults>
8.16 Element
<CombinerParameters>
8.17 Element
<CombinerParameter>
8.18 Element
<RuleCombinerParameters>
8.19 Element
<PolicyCombinerParameters>
8.20 Element
<PolicySetCombinerParameters>
8.21 Element <Rule>
8.22 Simple type EffectType
8.23 Element
<VariableDefinition>
8.24 Element
<VariableReference>
8.25 Element <Expression>
8.26 Element <Condition>
8.27 Element <Apply>
8.28 Element <Function>
8.29 Element
<AttributeDesignator>
8.30 Element
<AttributeSelector>
8.31 Element <AttributeValue>
8.32 Element <Obligations>
8.33 Element <AssociatedAdvice>
8.34 Element <Obligation>
8.35 Element <Advice>
8.36 Element
<AttributeAssignment>
8.37 Element
<ObligationExpressions>
8.38 Element
<AdviceExpressions>
8.39 Element <ObligationExpression>
8.40 Element <AdviceExpression>
8.41 Element
<AttributeAssignmentExpression>
8.42 Element <Request>
8.43 Element <RequestDefaults>
8.44 Element <Attributes>
8.45 Element <Content>
8.46 Element <Attribute>
8.47 Element <Response>
8.48 Element <Result>
8.49 Element
<PolicyIdentifierList>
8.50 Element <MultiRequests>
8.51 Element <RequestReference>
Page
8.52 Element <AttributesReference>
8.53 Element <Decision>
8.54 Element <Status>
8.55 Element <StatusCode>
8.56 Element <StatusMessage>
8.57 Element <StatusDetail>
8.58 Element
<MissingAttributeDetail>
9 XPath 2.0
definitions
10 Functional requirements
10.1 Unicode issues
10.2 Policy enforcement point
10.3 Attribute evaluation
10.4 Expression evaluation
10.5 Arithmetic evaluation
10.6 Match evaluation
10.7 Target evaluation
10.8 VariableReference evaluation
10.9 Condition evaluation
10.10 Extended
"indeterminate"
10.11 Rule evaluation
10.12 Policy evaluation
10.13 Policy set evaluation
10.14 Policy and policy set value for
i "Indeterminate" target
10.15 PolicySetIdReference and
PolicyIdReference evaluation
10.16 Hierarchical resources
10.17 Authorization decision
10.18 Obligations and advice
10.19 Exception handling
10.20 Identifier equality
11 Conformance
Annex A – Data-types and functions
A.1 Introduction
A.2 Data-types
A.3 Functions
A.4 Functions, data-types,
attributes and algorithms planned for deprecation
Annex B – XACML identifiers
B.1 XACML namespaces
B.2 Attribute categories
B.3 Data-types
B.4 Subject attributes
B.5 Resource attributes
B.6 Action attributes
B.7 Environment attributes
B.8 Status codes
B.9 Combining algorithms
Annex C – Combining algorithms
C.1 Extended
"Indeterminate" values
C.2 Deny-overrides
C.3 Ordered-deny-overrides
C.4 Permit-overrides
C.5 Ordered-permit-overrides
C.6 Deny-unless-permit
C.7 Permit-unless-deny
C.8 First-applicable
C.9 Only-one-applicable
C.10 Legacy Deny-overrides
C.11 Legacy Ordered-deny-overrides
C.12 Legacy Permit-overrides
C.13 Legacy Ordered-permit-overrides
Appendix I – Example
I.1 Example one
I.2 Example two
Appendix II – XACML extensibility points
II.1 Extensible XML attribute types
II.2 Structured attributes
Appendix III – Security and privacy considerations
III.1 Threat model
III.2 Safeguards
III.3 Unicode security issues
III.4 Identifier equality
Appendix IV – Schema
Bibliography