
What is a XACML profile?


I'm new to XACML (the eXtensible Access Control Markup Language), and I'm a bit confused. I don't get what a profile is. For example, the RBAC or SAML profiles.

What's the difference among them? Isn't the structure and elements always the same?

Thank you for your help


Solution

  • There are two things that XACML profiles specify: which AttributeId should be used for certain pieces of information, and a specific structure the policy should take.

    XACML is powerful, mainly due to its flexibility, but this flexibility comes at a cost when you want to exchange policies between organizations. For example, one organization might use the identifier "login-id" to specify a user's account name whereas another might use "username". Profiles can define well-known identifiers for this attribute.

    Specifying the structure can be useful when higher-level management interfaces are built on top of some policy. It's often necessary to extract information from the policy and present it to the user, and limiting the structure in a profile can be a way to document what is expected.

    Profiles can also be used as a "here's a way to do this use case in XACML" type of document, which saves customers and vendors re-implementing the wheel.
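To make the AttributeId point concrete, here is an added example (not part of the answer above, and not code from any XACML implementation): a minimal evaluator for a policy's `<Target>` run against a request that carries the subject's role under the AttributeId the XACML RBAC profile defines, `urn:oasis:names:tc:xacml:2.0:subject:role`. The vendor-private identifier `urn:example:vendor:role` and the policy fragments are constructed for the example.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
# Well-known AttributeId for a subject's role, defined by the XACML RBAC profile.
ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
# Hypothetical vendor-private identifier for the same piece of information.
VENDOR_ROLE_ID = "urn:example:vendor:role"

def policy_with_role_target(attribute_id, role):
    """Constructed policy whose <Target> applies when the subject carries `role`."""
    return f"""<Policy xmlns="{XACML_NS}" PolicyId="demo" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target><AnyOf><AllOf>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="{STRING}">{role}</AttributeValue>
      <AttributeDesignator Category="{SUBJECT_CAT}" AttributeId="{attribute_id}"
        DataType="{STRING}" MustBePresent="false"/>
    </Match>
  </AllOf></AnyOf></Target>
</Policy>"""

def target_applies(policy_xml, request_attrs):
    """Simplified XACML Target evaluation: the Target applies if some <AnyOf>
    contains an <AllOf> whose every <Match> finds its AttributeValue among the
    request's values for (Category, AttributeId). request_attrs maps
    (category, attribute_id) -> set of string values."""
    ns = {"x": XACML_NS}
    target = ET.fromstring(policy_xml).find("x:Target", ns)
    for any_of in target.findall("x:AnyOf", ns):
        for all_of in any_of.findall("x:AllOf", ns):
            all_matched = True
            for match in all_of.findall("x:Match", ns):
                wanted = match.find("x:AttributeValue", ns).text
                d = match.find("x:AttributeDesignator", ns)
                bag = request_attrs.get((d.get("Category"), d.get("AttributeId")), set())
                if wanted not in bag:
                    all_matched = False
                    break
            if all_matched:
                return True
    return False

# Constructed request: a PEP following the RBAC profile sends the role under ROLE_ID.
REQUEST = {(SUBJECT_CAT, ROLE_ID): {"auditor"}}

def demo():
    """Returns (profile policy applies?, vendor-id policy applies?) for REQUEST."""
    profile_policy = policy_with_role_target(ROLE_ID, "auditor")
    vendor_policy = policy_with_role_target(VENDOR_ROLE_ID, "auditor")
    return target_applies(profile_policy, REQUEST), target_applies(vendor_policy, REQUEST)
```

The second policy is silently NotApplicable even though both express the same intent, which is exactly the exchange problem a profile's well-known identifiers remove.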