Date Published: December 2015
Comments Due: January 15, 2016 (public comment period is CLOSED)
Email Questions to: email@example.com
Withdrawn: October 03, 2016
David Ferraiolo (NIST), Ramaswamy Chandramouli (NIST), Vincent Hu (NIST), Richard Kuhn (NIST)
NIST requests public comments on Draft NIST Special Publication 800-178, A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. The aim of both is to provide a standardized way for expressing and enforcing vastly diverse access control policies on various types of data services. However, the two standards differ with respect to the manner in which access control policies are specified, managed, and enforced.
This document describes XACML and NGAC, and then compares them with respect to five criteria. The goal of this publication is to help ABAC users and vendors make informed decisions when addressing future data service policy enforcement requirements.
The specific areas where comments are solicited are:
- Accuracy in the description of the XACML and NGAC frameworks; and
*The PDF of the draft was updated on December 15, 2015--see the Note to Reviewers on p. iii for details. (You may need to reload/re-save the PDF to see the changes.)
Keywords access control mechanism; access control model; access control policy; attribute based access control (ABAC); authorization; Extensible Access Control Markup Language (XACML); Next Generation Access Control (NGAC); access control; privilege