PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model which assumes the centralised assignment of roles to users.
PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme like Shibboleth (Internet2), Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure (PKI).
As a standard RBAC system, PERMIS's main entities are The PERMIS policy is eXtensible Markup Language (XML)-based and has rules for user-role assignments and role-privilege assignments, the latter containing optional obligations that are returned to the application when a user is granted access to a resource.
User roles and attributes may be held in secure signed X.509 attributes certificates, and stored in Lightweight Directory Access Protocol (LDAP) directories or Web-based Distributed Authoring and Versioning (WebDAV) repositories, or they may be created on demand as Security Assertion Markup Language (SAML) attribute assertions.
New features are continually being added to it, like a standard eXtensible Access Control Markup Language (XACML) interface which allows PERMIS and XACML PDPs to be seamlessly interchanged, the ability to accept SAML attribute assertions, support for dynamic delegation of authority and separation of duty policies, and the recent addition of a controlled natural language interface (in English) for writing simple PERMIS policies.