XML Security: XACML and SAML

XACML and SAML: How different and how similar?

The XACML architecture is tightly intertwined with the SAML architecture. The two share many concepts and a domain -- the domain of authentication, authorization, and access control. However, the problems they address within that domain are different. While SAML addresses authentication and provides a mechanism for transferring authentication and authorization decisions between cooperating entities, XACML focuses on the mechanism for arriving at those authorization decisions.

The SAML standard provides interfaces that allow third parties to send their requests for authentication and authorization. How these authorization requests are processed internally is addressed by the XACML standard. XACML not only processes the authorization requests, but also defines the mechanism for creating the complete infrastructure of rules, policies, and policy sets used to arrive at the authorization decisions. Given that both SAML and XACML share the same domain, it is highly likely and desirable that these two specifications will eventually be merged into one.
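The rule, policy and policy set hierarchy described above can be sketched as a small decision function. This is an added example, not code from either specification or the linked articles: it is a simplified Python model rather than XACML syntax, it uses the deny-overrides combining algorithm without the Indeterminate result, and the attribute names and the sample policy set are constructed.

```python
# Simplified model of XACML's rule -> policy -> policy set evaluation.
# Not XACML syntax; attribute names and the sample policy set are constructed.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def matches(target, request):
    """A target matches when every attribute it names equals the request's value."""
    return all(request.get(k) == v for k, v in target.items())

def deny_overrides(decisions):
    """Any Deny wins; otherwise any Permit wins; otherwise nothing applied."""
    decisions = list(decisions)
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE

def eval_rule(rule, request):
    return rule["effect"] if matches(rule["target"], request) else NOT_APPLICABLE

def eval_policy(policy, request):
    if not matches(policy["target"], request):
        return NOT_APPLICABLE
    return deny_overrides(eval_rule(r, request) for r in policy["rules"])

def eval_policy_set(policy_set, request):
    if not matches(policy_set["target"], request):
        return NOT_APPLICABLE
    return deny_overrides(eval_policy(p, request) for p in policy_set["policies"])

def enforce(policy_set, request):
    """Enforcement side: anything other than an explicit Permit is refused."""
    return eval_policy_set(policy_set, request) == PERMIT

# Constructed sample: one policy set guarding a single resource type.
RECORDS = {
    "target": {"resource": "patient-record"},
    "policies": [
        {"target": {"action": "read"},
         "rules": [
             {"target": {"role": "doctor"}, "effect": PERMIT},
             {"target": {"role": "doctor", "on_leave": True}, "effect": DENY},
         ]},
        {"target": {"action": "delete"},
         "rules": [{"target": {}, "effect": DENY}]},  # empty target matches all
    ],
}

if __name__ == "__main__":
    req = {"resource": "patient-record", "action": "read", "role": "doctor"}
    print(eval_policy_set(RECORDS, req))
    print(eval_policy_set(RECORDS, dict(req, on_leave=True)))
```

A request that no rule covers evaluates to NotApplicable, and `enforce` treats that the same as Deny, so access is granted only on an explicit Permit.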

Links:
Demystifying SAML -
http://dev2dev.bea.com/lpt/a/456
XML Security: Control information access with XACML -
http://www-128.ibm.com/developerworks/xml/library/x-xacml/