Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST released Draft SP 800-178, A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
December 02, 2015

NIST announces the public comment release of NIST Special Publication 800-178A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. The aim of both is to provide a standardized way for expressing and enforcing vastly diverse access control policies on various types of data services. However, the two standards differ with respect to the manner in which access control policies are specified, managed, and enforced. This document describes XACML and NGAC, and then compares them with respect to five criteria. The goal of this publication is to help ABAC users and vendors make informed decisions when addressing future data service policy enforcement requirements. 

The specific areas where comments are solicited are:

  • Accuracy in the description of the XACML and NGAC frameworks.
  • Analysis


Deadline to submit comments is: January 15, 2016.
Email comments or questions to: sp800-178@nist.gov using the Comment Template included along with this announcement.

The "Type" codes for comment are:

  • E - Editorial
  • G - General
  • T - Technical

 

Parent Project

See: Attribute Based Access Control
Created December 21, 2016, Updated April 26, 2017