The WSO2 Security and Identity Gateway supports centralized, policy-based authorization through entitlement policies defined in XACML (a declarative access control policy language implemented in XML). XACML is used to define fine-grained authorization policies that help consistently glue an organization’s business-level security requirements with the security implementation framework.

The WSO2 Security and Identity Gateway also allows authorization and entitlement logic to be centrally-managed and maintained external to the applications. This decoupling fits the very essence of a typical SOA deployment, catering ever changing business requirements. Centrally-managed authorization enables the management and the governance of a co-operate wide security model. Hence minimizes the risk of the security being compromised at individual application nodes.