Document Type


Publication Date




For many banks and customers in the Middle East and Islamic world, the availability and the ability to apply Islamic Shariah rules on financial activities is very important. In some cases, business and technical barriers can limit the ability to apply and offer financial services that are implemented according to Shariah rules.

In this paper, we discuss enforcing Shariah rules from information technology viewpoint and show how such rules can be implemented and enforced in a financial establishment. Security authorization standard XACML is extended to consider Shariah rules. In this research XACML architecture, that is used and applied in many tools and system architectures, is used to enforce Shariah rules in the banking sector rather than its original goal of enforcing security rules where policy management systems such as XACML are usually used.

We developed a model based on XACML policy management to show how an Islamic financial information system can be used to make decisions for day to day bank activities. Such a system is required by all Islamic banks around the world. Currently, most Islamic banks use advisory boards to provide opinions on general activities. The gap between those high level general rules and decision for each customer business process is to be filled by Islamic financial information systems.

The flexible design of the architecture can also be effective where rules can be screened and revisited often without the need to restructure the authorization system implemented. Authorization rules described here are not necessarily the perfect reflection of Shariah opinions. They are only shown as a proof of concept and a demonstration of how such rules can be written and implemented.

Copyright Statement

This document was originally published in Journal of King Saud University - Computer and Information Sciences by Elsevier. This work is provided under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license. Details regarding the use of this work can be found at: nd/4.0/. doi: 10.1016/j.jksuci.2014.11.001