ABSTRACT: Attribute Based Access Control (ABAC) is a new access control method for Web Service applications. The eXtensible Access Control Markup Language (XACML) is an important specification supporting this method; it provides an ABAC policy enforcement framework and an ABAC policy definition language. However, defining policies in XACML is tedious and complex, and places high demands on users. Based on an analysis of the ABAC model, this paper analyzes the XACML policy definition language, proposes an XACML-based ABAC policy template, and gives a method for writing ABAC policies from that template. This effectively simplifies the policy definition process while ensuring that policies are defined correctly.

Keywords: Attribute Based Access Control, XACML, policy template, policy definition method