This work proposes a XML-based framework for distributing and enforcing RSVP access control policies, for RSVP-aware application servers. Policies are represented by extending XACML, the general purpose access control language proposed by OASIS. Because RSVP is a specific application domain, it is not directly supported by the XACML standard. Hence, this work defines the XACML extensions required for representing and transporting the RSVP access control policy information. The XACML-based framework is proposed as an alternative to the PCIM-based approach, proposed by IETF. The work shows that, while XACML is easier to understand and deploy, it lacks the flexibility offered by PCIM. However, by properly extending XACML, the paper shows that the OASIS model is suitable for defining complex access control policies for specific domains, such as RSVP.