IV. Implementation Guide


The final component of the technical privacy training is a deep dive into the development and implementation of eXtensible Access Control Markup Language (XACML) code: machine-readable privacy policies and access requests and responses, together with the XACML architectural components that enable external authorization. The Implementation Guide includes hands-on XACML exercises as well as a downloadable "virtual machine" with an identity provider (IDP), policy enforcement point (PEP), and policy decision point (PDP).

We recommend that you start with the Download Instructions:

Download Instructions

  • The Global Privacy Policy Technical Framework Guide (GPPTF) can be downloaded in either .pdf or .docx format. It presents detailed technical information about the XACML reference architecture, the sample implementation, and additional resources.
    Visit Implementation Guide Section

  • The Technical Lessons provide hands-on experience with the syntax and evaluation process of XACML. The lessons can either be downloaded as a group or accessed individually from The Technical Lessons page.  The lessons assume you have access to The Exercise Files.
    Visit Lesson Section
  • The Exercise Files are .xml documents.  It is assumed you have access to XML editing software.  Download the .zip folder and then extract the .xml files.  Each Exercise File is associated with a particular Lesson through its file number.  For example, the .xml files for Lesson 3.1.1 are contained in the “$POLICY_GUIDE/xacml_lessons/3.1.1/” directory.
    Visit Exercise File Section
  • The Virtual Machine includes all of the software necessary to complete the lessons, and it can also be used as a testbed for the XACML policy rules and access requests and responses you create. It is critical to use 7-Zip (available without charge at http://www.7-zip.org) to unzip The Virtual Machine.
    Visit Virtual Machine Section