A system and method for implementing XSL/XML based authorization rules policy on a given set of data. An authorization rules engine is created which uses authorization rules defined in XSL to operate on access decision information (ADI) provided by the user. Inside the authorization rules engine, a boolean authorization rules mechanism is implemented to constrain the XSL processor to arrive at a boolean authorization decision. By applying the constrained authorization rules, the authorization rules engine evaluates available ADI data from an ADI XML input document. An output from a set of predetermined authorization decisions is provided to the user when the ADI input data is successfully evaluated. An error message is also provided to the user if required ADI data is unavailable for evaluation.