Download your copy of our State of Authorization: Playbook Edition Get it now »

Axiomatics Brings XACML-Based Access Control to Windows Server

Stockholm, February 23 2012 – Axiomatics today announced the launch of a new edition to its authorization product suite. The new solution, which is designed specifically for use in the Microsoft Windows Server environment, provides automated translation of XACML (Extensible Access Control Mark-up Language) to Microsoft Corp.’s extended Security Descriptor Definition Language (SDDL), used in the next Windows Server release, Windows Server 8.

Axiomatics is happy to announce its new authorization solution that provides automated translation of XACML (Extensible Access Control Mark-up Language) to Microsoft’s extended Security Descriptor Definition Language (SDDL) that is implemented as part of Windows Server 8 Dynamic Access Control. The solution, which will be demonstrated using Windows Server 8 at the RSA Conference 2012, enables users of the Windows environment to directly utilize the XACML access control model for the first time. The XACML policy language is an Attribute Based Access Control (ABAC) approach, which offers the broadest coverage for many business and security use cases.

According to Babak Sadighi, Axiomatics CEO “Modern enterprises have to enable fast and flexible information sharing, while at the same time ensuring compliance with various internal organization policies and external regulatory regimes. To support this, business applications need elaborate access control solutions in which an authorization system shall not only answer to whom, but also for what, when, from where, why and how access is granted or denied. Furthermore, such an authorization system must implement the access controls across a broad spectrum of applications, data and resource platforms. ABAC is a powerful authorization model capable of handling the complexities involved to achieve this.”

Windows Server 8 introduces Dynamic Access Control, which enhances the file system access authorization to include expressions that contain claims about the user, the device and the resources that the user is trying to access. This enables central access policies to control access based on business and regulatory requirements. Dynamic Access Control widely extends the expressiveness of access control lists (ACL) on information object offering object level access control on the level of the operating system itself.

Axiomatics has achieved integration between SDDL managed access control and the Axiomatics Policy Server (APS). Access policies are created and validated within APS and automatically transformed into SDDL using the new XACML-2-SDDL feature. Transformed policies are loaded into Active Directory and enforced by Windows Server 8. This offers an enterprise-ready implementation of policy-based and dynamic XACML-based authorization. Through the SDDL integration, APS can be used to enforce policies on the operating system level as well as on the application layer. Axiomatics and Microsoft will demonstrate the full lifecycle of authorization policies at the RSA Conference 2012.

“The need to control access to information is key for adhering to regulatory and business requirements. Windows Server 8 Dynamic Access Control provides powerful, built-in functionality to support such requirements,” said Mike Schutz, Senior Director, Windows Server and Virtualization, at Microsoft. “We are excited that Axiomatics takes advantage of Dynamic Access Control in Windows Server”8” to help organizations that use the Axiomatics Policy Server to author policies, or to take XACML policies they already use and apply these policies throughout the file servers in their organization.”

“At Axiomatics we have been advocating the use of ABAC and in particular XACML over the past five years or so,” continues Sadighi. We are seeing a rapid rise in interest in the market both from enterprises, as well as major software vendors who are now beginning to include these solutions in their products. We are naturally thrilled to be collaborating with companies such as Microsoft to complement their SDDL solution. Microsoft recognizes the value of supporting the XACML standard. It’s exciting to know that our products will enable Microsoft customers to utilize XACML to help manage applications and data sharing scenarios within and across their enterprises.

Axiomatics will be demonstrating dynamic access control over sensitive content using the XACML 3.0 Intellectual Property profile at the OASIS XACML showcase (Booth #129). The profile will be implemented using SDDL in Windows Server 8 in one scenario and using XACML 3.0 and SharePoint 2010 in a second scenario.

For more information please contact Axiomatics at the OASIS showcase (Booth #129) or the Microsoft complex at RSA 2012 conference.

Note: Product and company names herein may be trademarks of their registered owners.


Kelly O'Dwyer-Manuel

Media Contact

Kelly O'Dwyer-Manuel
VP, Brand and Communications

Archived under: