As its name implies, XACML aims to define a standard way of expressing access control mechanisms and policies in XML documents. Regarded as another pioneering effort from OASIS, XACML is expected to complement SAML in providing authentication and authorization capabilities for XML documents and, in particular, Web services.
XACML strives to provide fine-grained control over the operations that may be performed on a resource (read, write, create, delete and so on), based on specific criteria such as the following:
Subject identity. (Example: Only subscribers can access the credit card password.)
Subject group. (Example: Only senior managers are entitled to view the financial statement.)
Authentication mechanism. (Example: Requests should be authenticated using XML Dsig.)
Protocol over which the request is made. (Example: Credit card statements can be viewed only over HTTPS.)
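As an added illustration of the kind of policy these criteria describe (example XACML 2.0 markup written for this page, not taken from the specification or from any product mentioned here), the following policy permits the read action on a credit-card statement only when the request arrived over HTTPS, and denies everything else. The resource-id value, the rule ids and the urn:example:environment:protocol attribute are assumed, deployment-specific names; XACML defines no standard protocol attribute, so the enforcement point is assumed to supply it.

```xml
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:credit-card-statement"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <!-- Empty policy target: the policy applies to every request; the rules below narrow it.
       first-applicable tries the rules in document order, so the Permit rule is consulted
       before the catch-all Deny (with deny-overrides the Deny rule would always win). -->
  <Target/>
  <Rule RuleId="permit-read-over-https" Effect="Permit">
    <Target>
      <Resources>
        <Resource>
          <!-- "credit-card-statement" is an assumed, deployment-specific resource-id value -->
          <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">credit-card-statement</AttributeValue>
            <ResourceAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </ResourceMatch>
        </Resource>
      </Resources>
      <Actions>
        <Action>
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            <ActionAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
    <!-- The transport protocol is not a standard XACML attribute: the PEP is assumed to
         place it in the request context under the made-up id urn:example:environment:protocol.
         If this Condition is false the rule is NotApplicable and evaluation falls through. -->
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
          <EnvironmentAttributeDesignator
              AttributeId="urn:example:environment:protocol"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">https</AttributeValue>
      </Apply>
    </Condition>
  </Rule>
  <!-- Catch-all: any request the rule above did not permit (other resource, other action,
       or a non-HTTPS protocol) reaches this rule and is denied -->
  <Rule RuleId="deny-all-other-access" Effect="Deny"/>
</Policy>
```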
XACML paves the way for incorporating security access policies into confidential XML documents in a standard manner. It provides XML with "...a sophisticated access control mechanism that enables the initiator not only to securely browse XML documents, but also to securely update each document element..." (per the specifications).
Although it is still at a very early stage, XACML is expected to become the standard XML specification for structured entitlement and to gain widespread acceptance in the Web services community. (IBM's XML Security Suite is one of the earliest toolkits to implement XACML.)