REST Profile of XACML defines details of REST
ful services that conforming eXtensible Access Control Markup Language
implementations must support.
The current version 1 of this profile will only consider the Policy Enforcement Point (PEP) and Policy Decision Point (PDP). Later versions may involve other components of the XACML architecture, like the PAP and PIP.
REST Profile of XACML is quite complimentary to the use of eXtensible Access Control Markup Language within an Authorization Server using OAuth 2.0. OpenID Connect or User-Managed Access
There might be more information for this subject on one of the following: