Updated July 30, 2023

NextLabs’ Active Control Policy Language (4GL) is based on XACML (eXtensible Access Control Markup Language) which is an OASIS standard XML-based language for access control designed specifically for Attribute-Based Access Control (ABAC). It is both an access language, request/response language and reference architecture. Policy language expresses the policies, such as who may access which files under which department.

In the past, policies were formulated by business users and implemented to the system by programmers. As a result, there is a lot of back and forth between business users and programmers. On the other hand, ACPL(4GL) is a non-procedural language that uses natural language syntax, enabling non-technical users to write and manage their own policies, without requiring additional programming help, thereby increasing the efficiency of businesses. The unique combination of XACML and 4GL will make ACPL the industry standard going forward.

• Simplicity: ACPL is much simpler for a businessperson to use without any technical knowledge. It takes very little time to learn, understand, and write ACPL policies.
• Reusability: ACPL is a component-based policy language, which means that you need only create subject, action, and resource components once to use them in all of your policies. These reusable components are also easy to understand and create.

The main function of the XACML framework is to enable the development of effective security policies across the enterprise, instead of implementing individual policies for each point of access. The goal is to promote a common language and interoperability between access control implementations by multiple vendors.

With the evolution of Web access management, many enterprises have adopted single sign-on systems where web-based authentication and coarse-grained authorization logic are separated from applications. The transition from RBAC to ABAC is inevitable as ABAC permits you to express a rich, complex access control policy more simply.

ABAC enhances RBAC by allowing an enterprise to extend existing roles using attributes and policies. Authorization decisions can be made based not only on a user’s role but also by considering other factors such as, who or what that user is related to. Therefore, by using a simple, easy-to-understand policy that considers the context of the user as well as what access he/she should have, access control becomes stronger and grows significantly in scope.

With ABAC, it also streamlines the management process for dynamic authorization . It removes the need to individually administer thousands or even hundreds of thousands of access-control lists and/or role and role assignments on a daily basis. Additionally, organizations do not need to deploy expensive and complex identity governance solutions. With ABAC, hundreds of roles can be replaced by just a few policies. These policies are managed centrally across all sensitive applications and systems, providing a single pane of glass over the “who, what, where, when, and why.” Centralized management makes it easy to add or update policies and quickly deploy them across the enterprise.

Furthermore, many enterprises are now developing custom access control solutions to meet the complex needs of their business. However, this can be costly and make it difficult to maintain quality service. With XACML, enterprises can avoid this dilemma entirely by adopting a commercial off-the-shelf (COTS) solution instead of building a custom one. XACML’s fine-grained, attribute-based access control policy language, policies can be modified without requiring code changes or application downtime. This enables organizations to react quickly to changes in business or regulatory environments, greatly increasing agility and flexibility, and enhancing overall data protection while greatly reducing cost. By centralizing access policies, it is not necessary to make software changes to individual applications and thus ensure consistent enforcement of policies across essential business applications – without requiring individual system administrators.

“Language is the system of systems” – ACPL(4GL) runs through all our technology which is exposed through the platform’s user interfaces, being the language that makes everything possible in NextLabs’ Dynamic Authorization Platform (Control Center), which is the backbone of NextLabs’ Data Centric Security product suite that targets to solve the most complex access and data protection challenges.

NextLabs Control Center is a centralized platform that enforces security policies consistently across the enterprise and beyond. It integrates automated data classification, access control, rights management, and audit capabilities into one powerful platform that enables you to better align policies with rapidly changing business requirements. The platform can be delivered either on-premises or in the cloud (CloudAz).

Using ACPL(4GL), policies can be modified without requiring code changes or application downtime. This enables organizations to react quickly to changes in business or regulatory environments, greatly increasing agility and flexibility, and enhancing overall data protection. Dynamic authorization with ABAC also allows for central monitoring and tracking of user activity and data access providing compliance and security officers with insight into user behavior and suspicious activities.

The recent May release for Control Center & CloudAz highlights enhanced policy governance with extended cloud-native deployment and microservices capabilities. Follow this link to learn more about the latest release: https://www.nextlabs.com/nextlabs-announces-the-release-of-control-center-and-cloudaz-2022-05/