Abstract
Extensible Access Control Markup Language (XACML) is an access control policy language widely used to separate access decisions from client applications. Although access decisions can be changed manually, allowing multiple client systems to use the changed policies, the system itself is falling behind the times because it cannot efficiently handle changes arising from complex business policy updates. For this project, we have implemented a system that incorporates active rules, a concept commonly seen in relational databases, into XACML as an extension in order to provide dynamic changes to XACML policies. The project provides a language specification for creating active rules for XACML policies and a prototype middleware system that acts as a parser and event handler for rule retrieval and execution. The system is created specifically for XACML in order to parse active rules more efficiently. It is separated into two interfaces, one for handling active rules and one for user queries. Through the incorporation of active rules, XACML policy systems can be given precise policy control and dynamic integrity constraint checks.