Download your copy of our State of Authorization: Playbook Edition Get it now »

Is ALFA a part of the OASIS XACML Technical Committee series of standards?

Let's explore the origins and current state of ALFA, and it's evolution towards future OASIS standardization.

This article was updated on October 19, 2023

The Organization for the Advancement of Structured Information Standards (OASIS) is a nonprofit, international consortium which promotes the adoption of product-independent standards for information formats such as eXtensible Access Control Markup Language (XACML).

The Abbreviated Language for Authorization (ALFA) is a pseudocode language used in the formulation of access control policies.

ALFA maps directly into XACML and contains the same structural elements as XACML (i.e. PolicySet, Policy, and Rule).

But…is ALFA part of the OASIS XACML Technical Committee Series of Standards?

Let’s explore.

Abbreviated Language for Authorization (ALFA)

ALFA was developed by Axiomatics’ own Pablo Giambiagi to offer policy developers a more lightweight notation as an alternative to XML-based XACML.

To advance the standardization of ALFA, Axiomatics donated the language to the OASIS XACML Technical Committee (TC) in 2014.

The following year, the Abbreviated Language for Authorization Version 1.0 Working Draft was submitted by Pablo Giambiagi, Dr. Srijith K. Nair, and myself to the XACML TC with the following abstract:

“The aim of this profile is to propose a domain-specific language for an abbreviated high-level description of XACML authorization policies. The XACML policy syntax is specified in the core XACML specification. This profile leverages it.”

ALFA is not yet a part of the OASIS series of standards, but we are excited about the prospect of OASIS providing a standardization of this language.

Due to its ease of use and similarity to third and fourth generation programming languages like Java and C#, ALFA is often the preferred policy authorizing mechanism for many of Axiomatics’ customers.

According to the OASIS TC process guidelines, the standards track for Work Products progress as follows:

  1. Committee Specification Draft,
  2. Committee Specification Public Review Draft,
  3. Committee Specification,
  4. Candidate OASIS Standard,
  5. OASIS Standard; and
  6. Approved Errata.

The Abbreviated Language for Authorization Version 1.0 Working Draft, contains the following status:

“This Working Draft (WD) has been produced by one or more TC Members; it has not yet been voted on by the TC or approved as a Committee Draft (Committee Specification Draft or a Committee Note Draft). The OASIS document Approval Process begins officially with a TC vote to approve a WD as a Committee Draft. A TC may approve a Working Draft, revise it, and re-approve it any number of times as a Committee Draft.”

What’s next?

Currently, Version 1.0 Working Draft has not yet been voted by the TC or approved as a Committee Draft. This document has a few more steps to go through before becoming an OASIS standard, but it is on the path to becoming so.

If you would like to become involved in the process of ALFA becoming an OASIS standard, then navigate to the OASIS XACML Technical Committee. Here you will find information about participating in this effort, either as a member of the committee or providing comments during the public review.

Learn more about ALFA for XACML v.1.0

Request a demo to see ALFA in action.


  Join us on LinkedIn for more insights
Archived under:
About the author

Babak Sadighi is founder and head of strategy at Axiomatics. His extensive experience in the fields of access control and authorization management and has also led multiple collaborative R&D projects. He is also an advisor and mentor to tech several start-ups.