OASIS ratifies specification as Open Standard Sun Microsystems on Tuesday announced the release of an open-source implementation of XACML (eXtensible Access Control Markup Language) 1.0, billed as a standard mechanism for setting access controls in Web services and other applications.OASIS, meanwhile, on Tuesday announced that members have approved XACML as an OASIS Open Standard, which is the organization’s highest level of ratification, according to OASIS.XACML is a specification for expressing policies in XML for information access over the Internet. Sun’s implementation, developed within the company’s Internet Security Research Group, is intended to enable use of the language in applications ranging from file servers to Web services and directories, according to Steve Hanna, senior staff engineer in Sun Labs, inBurlington, Mass. “Anything that needs access control can adopt XACML as [its] access control policy language,” Hanna said.XACML is intended to replace proprietary access control mechanisms, Hanna said. The problem has been that every vendor has had its own custom way to specify access control, he said. “That’s a nightmare from an administrative standpoint,” said Hanna.Sun’s XACML code can be integrated into products such as a file server or a Web services toolkit free of charge, he said. The company hopes to generate revenues off of XACML by including it in policy-driven computing initiatives such as Sun’s N1 plan, said Hanna. “With N1, we aim to automate and virtualize the management of the datacenter, and in order to do that, it’s beneficial to have a common policy language across all the servers that are running in the datacenter,” said Hanna. Hardware and software vendors would need to include XACML support in their products, said Hanna.Sun’s XACML code is available for download athttp://sunxacml.sourceforge.net.The OASIS XACML Technical Committee has had participation from vendors such as IBM, BEA Systems, and Entrust. Software DevelopmentTechnology Industry