SAML and XACML


Sachet Varma
Ranch Hand

Joined: Jun 07, 2009
Posts: 39

SAML and XACML seem to be the same thing - policy languages. Though SAML talks of assertions, which seem to address the same thing.

Why do we need two mark up languages that seem to address the same thing? Or have I got it wrong??
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
Good question!
This is how I have understood it:

It defines a language for exchange of authentication, authorization and attribute information typically used in single sign-on, but also distributed transactions.

A policy language for describing access control requirements. Also an access control decision request/response language to determine, for instance, whether a specific action is allowed for the current user of a web service.

I get the feeling that the latter part of XACML, the access control decision part, may be replaceable by SAML.
Best wishes!
Sachet Varma
Ranch Hand

Joined: Jun 07, 2009
Posts: 39
Thanks Ivan. It's more clear now.

So SAML talks from a subject/entity point of view, whereas XACML talks from a resource point of view.