XACML
XACML (Extensible Access Control Markup Language) is an open-standard, XML-based language for configuring security policies and access rights to information for web services. XACML supports fine-grained, attribute-based access control definitions. It also supports composing policies by reusing low-level definitions.
The following image depicts a simplified XACML policy model.
| Attribute | Description |
|---|---|
| Resource | Data, service, or system component. |
| Subject | An actor whose attributes may be referenced by a predicate. |
| Action | An operation on a resource. |
| Environment | The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action. |

Predicate: A statement about attributes whose truth can be evaluated.
Target: Set of simplified conditions for the subject, resource, and action that must be met for a policy set, policy, or rule to apply to a given request.
Obligation: An obligation is a directive from the policy decision point (PDP) to the policy enforcement point (PEP) on what must be carried out before or after access is approved.
- Adding roleId : ADMIN in the header currently works for HMS, as it is a default config.

- Adding companyid : <value> in the headers for a POST request to store the companyid along with the payload in the database.

- Adding companyid : <value> in the headers for a GET response to fetch the data based on companyid, which is validated against legalEntityId in the respective columns.
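
The Target and Obligation definitions above, as an added example (not Temenos code): a small Python sketch of how a PDP matches a request against a policy target and how a deny-biased PEP handles the returned obligations. The policy XML is constructed and trimmed (not schema-valid), and the attribute ids `roleId` and `action`, the obligation id `filter-by-companyid` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}

# Constructed sample policy, trimmed to the elements this sketch reads
# (a real policy also carries MatchId, Category, DataType, Version, ...).
POLICY = """
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="sample-policy">
  <Target><AnyOf><AllOf>
    <Match><AttributeValue>ADMIN</AttributeValue><AttributeDesignator AttributeId="roleId"/></Match>
    <Match><AttributeValue>GET</AttributeValue><AttributeDesignator AttributeId="action"/></Match>
  </AllOf></AnyOf></Target>
  <Rule RuleId="allow" Effect="Permit"/>
  <ObligationExpressions>
    <ObligationExpression ObligationId="filter-by-companyid" FulfillOn="Permit"/>
  </ObligationExpressions>
</Policy>
"""

def target_matches(policy, request):
    """Target = AND over AnyOf; AnyOf = OR over AllOf; AllOf = AND over Match."""
    def match(m):
        attr = m.find("x:AttributeDesignator", NS).get("AttributeId")
        return request.get(attr) == m.find("x:AttributeValue", NS).text
    target = policy.find("x:Target", NS)
    return all(
        any(all(match(m) for m in allof.findall("x:Match", NS))
            for allof in anyof.findall("x:AllOf", NS))
        for anyof in target.findall("x:AnyOf", NS))

def evaluate(policy_xml, request):
    """PDP side: return (decision, obligations) for a dict of request attributes."""
    policy = ET.fromstring(policy_xml)
    if not target_matches(policy, request):
        return "NotApplicable", []          # policy does not apply to this request
    decision = policy.find("x:Rule", NS).get("Effect")
    obligations = [o.get("ObligationId")
                   for o in policy.iterfind(".//x:ObligationExpression", NS)
                   if o.get("FulfillOn") == decision]
    return decision, obligations

def enforce(policy_xml, request, supported=("filter-by-companyid",)):
    """PEP side (deny-biased): allow only on Permit with every obligation understood."""
    decision, obligations = evaluate(policy_xml, request)
    return decision == "Permit" and all(o in supported for o in obligations)
```

The decision is only as trustworthy as the attributes passed in, so the request attributes must come from an authenticated source before they reach the PDP.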

XACML Editors
- Temenos XACML Policy Editor
- PAP-UI
- Third-Party Editors
  - The good and easy to use open-source editors for XACML policy files are:
    - Eclipse ALFA Plugin
    - UMU-XACML-Editor
    - WSO2 Identity Server