With lot of hype surrounding policy-based computing, XACML (eXtensible Access Control Markup Language) has become the widely used de facto standard for managing access to open and distributed service-based environments like Web services. However, like any other policy language, XACML has complex syntax, which makes the policies specification process both time consuming and error prone, especially with large size policies that govern complex systems. Moreover, with the diversity of rules and conditions, hidden conflicts, redundancies and access flaws are more likely to arise, which expose Web services to security breaches at runtime. This paper proposes a UML profile that allows systematic model-driven specification of XACML policies to reso...