In any enterprise, data security is essential. Access to information should be controlled according to predefined rules and policies. IT security governance is the mechanism by which an enterprise directs and controls access to information and the IT security measures that protect it. Information security governance therefore requires significant effort: it determines who is authorized to make decisions and ensures that security strategies are aligned with business objectives.

The written security policy is the primary means by which an enterprise's governing body expresses its intent to secure information, gives direction to management and staff, and informs other stakeholders of its privacy efforts.

Because XACML also serves as a medium for enforcing role-based access control (RBAC), authorization can be controlled easily by keeping all XACML configuration in a single place.
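As an added illustration of what such a centrally kept XACML configuration looks like (this example is not from the session or from WSO2; the service URL, the `approveOrder` action and the `manager` role are constructed values), the following XACML 3.0 policy permits only subjects holding the `manager` role to invoke the `approveOrder` action on an order service. The role attribute uses the identifier defined by the XACML RBAC profile, and the policy-level combining algorithm is `deny-unless-permit`, so any request that no rule explicitly permits is denied:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example policy: restricts a Web Service operation to one role. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="urn:example:policy:order-service-rbac"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Description>Only managers may approve orders; everything else on the service is denied.</Description>

  <!-- The policy applies only to requests whose resource-id is the (constructed) order service. -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://example.com/services/OrderService</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                               AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="false"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>

  <!-- Permit the approveOrder action when the subject's role bag contains "manager". -->
  <Rule RuleId="permit-manager-approve-order" Effect="Permit">
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">approveOrder</AttributeValue>
            <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                 AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"
                                 MustBePresent="false"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
    <Condition>
      <!-- string-is-in(value, bag): true if "manager" is among the subject's roles. -->
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manager</AttributeValue>
        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                             AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
                             DataType="http://www.w3.org/2001/XMLSchema#string"
                             MustBePresent="false"/>
      </Apply>
    </Condition>
  </Rule>
</Policy>
```

The policy enforcement point (for example, a handler in front of the SOAP or REST endpoint) builds a request carrying the authenticated user's roles as the `urn:oasis:names:tc:xacml:2.0:subject:role` attribute, the target service as the resource and the invoked operation as the action; the policy decision point evaluates this policy and returns Permit only for managers calling `approveOrder`. Because `deny-unless-permit` is used, a request for any other operation, or from a user whose role bag lacks `manager`, yields Deny rather than NotApplicable, which avoids the common mistake of a PEP treating NotApplicable as an allow.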

In this session, Dimuthu and Amila will look at how XACML can be used to define fine-grained authorization policies, and how it can be applied to SOAP-based Web Services and even RESTful services. In addition to XACML, they will also show how to control Web Service calls through defined roles.


Dimuthu Leelarathne
Technical Lead, Product Manager WSO2 Stratos

Amila Jayasekara
Technical Lead


  • What is governance?
  • What is security policy?
  • How security policy is enforced
  • Challenges in enforcing security policy for B2B transactions
  • Restricting service calls by enforcing role access
  • Defining XACML policies
  • Using XACML to define security policy
  • Using XACML to enforce policy in SOA
  • XACML within SAML
To view other WSO2 SOA Summer School 2011 sessions click here.