XACML is a security standard which allows developers to write and enforce information access policies, making it a key component in the development of authorization infrastructures and a foundational step in the creation of federated authentication environments.
The XACML specification describes both an access control policy language (which allows developers to specify who can do what and when) and a request/response language, which expresses queries about whether a particular access should be allowed and describes the answers to those queries.
In a typical XACML usage scenario, a subject (e.g. human user, workstation) wants to take some action on a particular resource. The subject submits its query to the entity protecting the resource (e.g. file system, web server). This entity is called a Policy Enforcement Point (PEP). The PEP forms a request (using the XACML request language) based on the attributes of the subject, action, resource, and other relevant information. The PEP then sends this request to a Policy Decision Point (PDP), which examines the request, retrieves policies (written in the XACML policy language) that are applicable to this request, and determines whether access should be granted according to the XACML rules for evaluating policies. That answer (expressed in the XACML response language) is returned to the PEP, which can then allow or deny access to the requester.
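The PEP/PDP exchange described above, as an added example that is not part of the original page or of the XACML specification's text: a toy Python PDP evaluates a request the PEP would form against a deny-overrides policy. The policy and request are constructed and simplified (string-equal matches only, no Condition or Obligation elements, no Policy-level Target matching), while the namespace, category, attribute, datatype and function identifiers are the standard XACML ones.

```python
import xml.etree.ElementTree as ET
# XACML 3.0 namespace and the standard category / attribute / datatype identifiers used below.
X = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": X}
STR = "http://www.w3.org/2001/XMLSchema#string"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
ACT_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

def match_el(cat, attr, value):
    """One <Match>: compare the designated request attribute with a literal via string-equal."""
    return (f'<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">'
            f'<AttributeValue DataType="{STR}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{cat}" AttributeId="{attr}" DataType="{STR}" MustBePresent="false"/></Match>')

# Constructed, simplified policy: doctors may read a record; a delete is denied whatever the role.
POLICY = f"""<Policy xmlns="{X}" PolicyId="records" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="doctor-read" Effect="Permit"><Target><AnyOf><AllOf>
    {match_el(SUBJ, ROLE, 'doctor')}{match_el(ACT, ACT_ID, 'read')}</AllOf></AnyOf></Target></Rule>
  <Rule RuleId="no-delete" Effect="Deny"><Target><AnyOf><AllOf>
    {match_el(ACT, ACT_ID, 'delete')}</AllOf></AnyOf></Target></Rule>
</Policy>"""

def pep_request(role, action):
    """What the PEP sends to the PDP: the subject's and the action's attributes."""
    return f"""<Request xmlns="{X}" ReturnPolicyIdList="false" CombinedDecision="false">
  <Attributes Category="{SUBJ}"><Attribute AttributeId="{ROLE}" IncludeInResult="false">
    <AttributeValue DataType="{STR}">{role}</AttributeValue></Attribute></Attributes>
  <Attributes Category="{ACT}"><Attribute AttributeId="{ACT_ID}" IncludeInResult="false">
    <AttributeValue DataType="{STR}">{action}</AttributeValue></Attribute></Attributes>
</Request>"""

def holds(m, attrs):
    """A <Match> holds when the designated request attribute equals the literal value."""
    d = m.find("x:AttributeDesignator", NS)
    return attrs.get((d.get("Category"), d.get("AttributeId"))) == m.find("x:AttributeValue", NS).text

def pdp_decide(policy_xml, request_xml):
    """PDP: a Rule applies when some AllOf in its Target has every Match holding;
    deny-overrides then returns Deny over Permit, and NotApplicable if no rule applied."""
    attrs = {(a.get("Category"), at.get("AttributeId")): at.find("x:AttributeValue", NS).text
             for a in ET.fromstring(request_xml).findall("x:Attributes", NS)
             for at in a.findall("x:Attribute", NS)}
    effects = {rule.get("Effect") for rule in ET.fromstring(policy_xml).findall("x:Rule", NS)
               if any(all(holds(m, attrs) for m in all_of.findall("x:Match", NS))
                      for all_of in rule.findall("x:Target/x:AnyOf/x:AllOf", NS))}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
```

A real PEP must treat anything other than Permit (Deny, NotApplicable, Indeterminate) as a refusal; the toy PDP here never emits Indeterminate because it has no Condition evaluation that could fail.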