Powerful (and FREE) XACML Editor: 5 Ways It Saves Access Control Policy Authors Time

Tuesday, April 24, 2018

Anyone who’s worked with XACML will likely agree that writing new access control policies or going back to make changes to existing XACML documents isn’t always a simple task. Depending on the size of your organization or your client’s organization, XACML policies can become a complex mess quickly if you don’t have the right tools at your disposal.

Security Policy Tool’s state-of-the-art modeling, systematic testing, and verification features deliver significant value to organizations looking to enhance their access control security. However, did you know the included XACML Editor in Security Policy Tool also delivers several key benefits? Here are 5 ways the powerful (and free) XACML Editor saves policy authors time working with access control policies:


                                                                                                                                                    (Screenshot of Security Policy Tool - XACML Editor)

1.)   Intelligent XACML Policy Development

When you first run the Security Policy Tool – XACML Editor you will find you are able to create a variety of different document types such as a Blank Document, XACML 3.0 Policy, XACML 3.0 Request, XACML 2.0 Policy, or XACML 2.0 Request document. As you begin building your document, Security Policy Tool will dynamically analyze and compare what you have written against all XACML 2.0/3.0 standards to provide you suggestions whenever possible. For example, if you were to create a “Rule” within your Policy Document and begin building your “Target” element; Security Policy Tool will automatically detect and suggest to add the following “AnyOf” and then “AllOf” elements. If you choose to ignore this suggestion then Security Policy Tool will provide you a brief description near the top of your window explaining that the missing “AnyOf” or “AllOf” element (e.g. in Row 6, Column 3) was expected following a “Target” element. Security Policy Tool helps policy authors to not only build their policy more quickly by providing these suggestions but to also help them avoid creating errors. 

2.)    Assistive XACML Code Completion

As you begin typing within the text editing area of the Security Policy Tool – XACML Editor you’re sure to quickly realize that the tool has been developed to help you create your policies efficiently. As you type you will notice you are provided all relevant XACML code selections dynamically. For example, if you were to type “<” on a new line in the text editing area you will see a dropdown list appears presenting all possible element options such as “Description”, “PolicyIssuer”, “Content”, “Attribute”, “AttributeValue”, “PolicySetDefaults”, etc. making it easy to quickly continue developing your policy without having to type every element completely out. This way you can focus less on small matters and more on if you have created your specific rules/policies exactly as you have intended.

3.)   Full XACML 2.0/3.0 Support and Conversion

The Security Policy Tool – XACML Editor fully supports all XACML 2.0/30 standards. Instead of having to write out each value fully for example “urn:oasis:names:tc:xacml:3.0:function:string-from-ipAddress" you can simply begin typing in the provided field “string” and you will be able to quickly select the value you are looking for from a list of all possible values containing “string”. Security Policy Tool provides all standard element-child selections based on your XACML 2.0/3.0 policy needs. Also, if you are editing your existing XACML document and would like to convert it from 2.0 to 3.0 or vice versa the Security Policy Tool – XACML Editor can automatically convert your document with just a click of your mouse.

4.)   Text and Graph-based Representation

In addition to the large text-editing area located within the powerful XACML Editor, there is also a GUI representation of your policy to the right side of your window. As you create your policy in the text editing area, the GUI (tree) representation will begin building dynamically as well. If you prefer, you can even build your policy specifically in the GUI (tree) representation and the text area will then fill dynamically. For the more traditional XACML specialist, the GUI (tree) representation will provide them benefits by enabling them to quickly see a more general overview of their document. Probably the best feature of this GUI (tree) representation is that you can click on any portion of your policy within the tree and it will immediately highlight that portion of your policy in the text editing area. This makes it easy to find rules or specific portions of your policy that you would like to look at again without having to dig through every line of your complex document.

5.)   On-the-fly XACML Syntax Error Detection

Last, but certainly not least the Security Policy Tool – XACML Editor has been built to help policy authors avoid errors as they create their policies. Similar to what was mentioned previously, Security Policy Tool will provide suggestions to the document author as they build their policy or request. This helps them to avoid common errors or typos as they create each line. For specialists designing XACML documents that follow closely to XACML 2.0/3.0 standards, this syntax error detection can be extremely helpful. It helps them avoid having to spend additional time to carefully analyze for small (or large) typos, errors, or flaws that could be potentially hidden within their document. Even one small error can be the cause of a major access control leak so helping XACML specialists avoid these errors was a major priority during development. We recommend in addition to using the powerful XACML Editor to also model, test, and verify your access control policies in the Security Policy Tool area of the solution. This will help you ensure that when your system is handling live access requests that your policies will not be causing unintended privileges or access control leaks. 


Security Policy Tool is changing the game in XACML Editing by minimizing the common challenges associated with creating secure and accurate access control policies. Try the Security Policy Tool – XACML Editor for free today and see for yourself how much time you can save creating access control (XACML) policies. To view a brief 2:26 video on the XACML Editor and to visualize some of these points click here or if you’re ready to try the XACML Editor firsthand click here to begin creating your free Security Policy Tool account, right now!