U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications

Published

Author(s)

David Ferraiolo, Ramaswamy Chandramouli, Chung Tong Hu, David Kuhn

Abstract

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control (ABAC) standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing and enforcing vastly diverse access control policies on various types of data services. However, the two standards differ with respect to the manner in which access control policies are specified and implemented. This document describes XACML and NGAC, and then compares them with respect to five criteria. The goal of this publication is to help ABAC users and vendors make informed decisions when addressing future data service policy enforcement requirements.
Citation
Special Publication (NIST SP) - 800-178
Report Number
800-178
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-178
Local Download

Keywords

access control, access control mechanism, access control model, access control policy, attribute based access control (ABAC), authorization, Extensible Access Control Markup Language (XACML), Next Generation Access Control (NGAC), privilege
Identity and access management

Citation

Ferraiolo, D. , Chandramouli, R. , Hu, C. and Kuhn, D. (2016), A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-178, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921235 (Accessed May 10, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 3, 2016, Updated May 7, 2026
Was this page helpful?