eXtensible Access Control Markup Language (XACML) XML Media Type
RFC 7061
| Document | Type | RFC - Informational (November 2013; No errata); was draft-sinnema-xacml-media-type (individual) |
|---|---|---|
| | Authors | Remon Sinnema, Erik Wilde |
| | Last updated | 2013-11-19 |
| | Stream | ISE |
| | IETF conflict review | conflict-review-sinnema-xacml-media-type |
| Stream | ISE state | Published RFC |
| | Consensus Boilerplate | Unknown |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 7061 (Informational) |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | (None) |
Independent Submission
Request for Comments: 7061
Category: Informational
ISSN: 2070-1721

R. Sinnema
E. Wilde
EMC Corporation
November 2013

eXtensible Access Control Markup Language (XACML) XML Media Type

Abstract

This specification registers an XML-based media type for the eXtensible Access Control Markup Language (XACML).

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7061.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
2. IANA Considerations
2.1. XACML Media Type application/xacml+xml
3. Security Considerations
4. Normative References
Appendix A. Acknowledgements

1. Introduction

The eXtensible Access Control Markup Language (XACML) [XACML-3] defines an architecture and a language for access control (authorization). The language consists of requests, responses, and policies. Clients send a request to a server to query whether a given action should be allowed. The server evaluates the request against the available policies and returns a response. The policies implement the organization's access control requirements.

2. IANA Considerations

This specification details the registry of an XML-based media type for the eXtensible Access Control Markup Language (XACML) that has been registered with the Internet Assigned Numbers Authority (IANA) following the "Media Type Specifications and Registration Procedures" [RFC6838]. The XACML media type represents an XACML request, response, or policy in the XML-based format defined by the core XACML specification [XACML-3].

2.1. XACML Media Type application/xacml+xml

This specification details the registration of an XML-based media type for the eXtensible Access Control Markup Language (XACML).

Media Type Name: application

Subtype Name: xacml+xml

Required Parameters: none

Optional Parameters:

charset: The charset parameter is the same as the charset parameter of application/xml [RFC3023], including the same default (see Section 3.2 of RFC 3023).

version: The version parameter indicates the version of the XACML specification. It can be used for content negotiation when dealing with clients and servers that support multiple XACML versions. Its range is the range of published XACML versions. As of this writing, that is 1.0 [XACML-1], 1.1 [XACML-1.1], 2.0 [XACML-2], and 3.0 [XACML-3]. These and future version identifiers must follow the Organization for the Advancement of Structured Information Standards (OASIS) patterns for versions [OASIS-Version].
If this parameter is not specified by the client, the server is free to return any version it deems fit. If a client cannot or does not want to deal with that, it should explicitly specify a version.

Encoding Considerations: Same as for application/xml [RFC3023].

Security Considerations: Per their specification, objects of type application/xacml+xml do not contain executable content. However, these objects are XML-based, and thus they have all of the general security considerations presented in Section 10 of RFC 3023 [RFC3023].
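
The version parameter's role in content negotiation, shown as an added example that is not part of RFC 7061: a server-side check that accepts only application/xacml+xml with a published version, and picks a response version from an Accept header value. The function names, the `supported` and `preferred` arguments and the 406 handling are assumptions of this example, and q-values are not evaluated.

```python
from email.message import Message

XACML_TYPE = "application/xacml+xml"
# Versions the RFC lists as published at the time of writing; extend this
# tuple when a later XACML version is published.
PUBLISHED = ("1.0", "1.1", "2.0", "3.0")


def xacml_version(header_value):
    """Return the version parameter of an application/xacml+xml header value,
    or None when the parameter is absent. Raise ValueError for any other
    media type or for a version outside the published range."""
    msg = Message()
    msg["Content-Type"] = header_value
    if msg.get_content_type() != XACML_TYPE:
        raise ValueError("media type is not " + XACML_TYPE)
    version = msg.get_param("version")  # name is matched case-insensitively
    if version is not None and version not in PUBLISHED:
        raise ValueError("unpublished XACML version: %r" % (version,))
    return version


def negotiate_version(accept, supported, preferred):
    """Choose the XACML version of a response from an Accept header value.

    Returns None when the client named only versions outside `supported`;
    the caller should then answer 406 Not Acceptable (assumed handling).
    """
    for media_range in accept.split(","):
        name = media_range.split(";")[0].strip().lower()
        if name in ("*/*", "application/*"):
            return preferred  # wildcard: no version constraint
        try:
            version = xacml_version(media_range.strip())
        except ValueError:
            continue  # other types and unpublished versions are not candidates
        if version is None:
            return preferred  # no version given: the server is free to choose
        if version in supported:
            return version  # first listed version this server can produce
    return None
```

Calling `xacml_version` on a request's Content-Type before the body reaches the policy decision point keeps payloads labelled with another type or an unknown version out of the XACML parser.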