Skip navigation
It gives me pleasure to inform the community about the release of JBoss XACML v2.0.1-BETA. The license is LGPL.
You can download it from
The Javadoc link is here: Javadoc

The User Guide is here: JBoss XACML User Guide

Why is XACML Important?
- Unlike Authentication, AccessControl/Authorization is a complex area where Role Based Access Control (RBAC) is inadequate in many enterprise situations. XACML is a specification that tries to mitigate this with complex policies that can be woven around a combination of subjects (users/user-agents etc), resources (on which the access control is desired) and Environment (IPAddress, Date, Time etc). You should be able to declaratively (via XML or construct policies) to say things like "Allow this portion of the web site to 18 year olds when the time is between 9am and 5pm", "You should update your own payroll information and can do it when you are employed and on Fridays only" etc.
- Enterprises have been doing this via ACLs and other proprietary mechanisms. Now they can use a standard way.

JDK 5 and later (Need JAXBv2)
Sun JAXB v2.0 and later ( I used v2.1.4).
You can use the one from here: Sun JAXB
Sun XACML v2.0
Use the one from here: SunXACML V2.0
JBoss v5.0 JavaEE Jar ( support. You can get this from JDK6 or any EE distibution).
JBoss JavaEE


Hal Lockhart, Bill Parducci, Anne Anderson (of the Oasis XACML TC for the specification), Rich Levinson, Dennis Pilipchuck (Oasis XACML Interoperability) and Seth Proctor (SunXACML Implementation)
We use the SunXACML implementation for the business logic, policy evaluation etc. It is an implementation detail. The users of JBossXACML will have to concern themselves with JBossXACML's interfaces and object model (and not deal with SunXACML).

How do you want to get involved?

Why don't you sign up for zero-spam mailing list for the JBoss Security Beta Program at. JBoss Security Beta Mailing List ?
Please remember the email address would be jboss-security-beta AT redhat DOT com
Once you sign up as a beta participant, you can have a close collaboration/interaction with the JBoss Security team.

Press/Blogs/Community Interest
Oasis Press Release
XACML finally ready for prime time?
James McGovern Blog
IDM Journal (July 22)