Axiomatics Policy Server (APS) is the first tool that fully implements both the industry standard XACML 2.0 and XACML 3.0 working draft. Users of APS will therefore be empowered to utilize the full range of capabilities that XACML can offer, based on years of constant improvements as the standard continues to evolve.

Components of Axiomatics Policy Server

• Policy Administration Point (PAP) to manage and administer access control policies.
  APS PAP offers an intuitive and user-friendly XACML policy editor for users to create, update, or delete XACML policies. The PAP allows editing policies in both XACML 2.0 and 3.0 formats. The PAP also includes features such as XACML policy debugger to find out why policies do not behave as intended, PDP virtualisation that allow users to separate policies in different PDP instances thereby isolating evaluation of policies in different domains, and a request simulator for users to test and validate the effects of updated policies.
• Policy Decision Point (PDP) to evaluate access requests and provide authorization decisions.
  The Axiomatics Policy Server PDP evaluates access requests with respect to XACML policies and provides access control decisions. The PDP implements both XACML 2.0 and 3.0. The PDP supports the XACML multiple resource profile that allows users to submit requests to several resources at the same time and to receive a list of access decisions.

Benefits of Axiomatics Policy Server

A unified standard for enterprise-wide and fine-grained authorizations

Implementing the open industry XACML standard, APS provides the following benefits for enterprises:

• All access policies can be written and implemented in one standard format, and every element of the access control system understands every other element perfectly, without the need for awkward work-arounds. An open industry standard also ensures that integration of new applications into the organization works seamlessly with all the components in the existing system.
• Auditing and certification of user authorization becomes a more straightforward task once permissions are derived from policies rather than from multiple and disparate configuration settings.

Reduced access control management costs

APS makes it possible to externalize and centralize the administration of access control so that many applications can be maintained from a central point. This offers the following benefits:

• Shortened application or service development time as developers do not need to implement access control in every application.
• Reduced time for updating access control policies as administrators can quickly apply the updates across the entire organization in a single operation using APS.
• Easier to adjust applications to demands and legislation, such as Sarbanes-Oxley or HIPAA.

Increased business operational efficiency

With APS delegation (as part of the XACML 3.0 implementation), local decision makers can be empowered with a clearly defined set of rights to alter policies. Business managers can be authorized to change policies, removing  redundant loops via the IT team and making the organization efficient and more responsive.

Policy interoperability and exchange

Unlike other XACML-compatible products in the market, APS not only talks XACML by supporting its query-response protocol, but also thinks XACML. This gives our customers the ability to exchange policies between products and across organizations. It is also future-proof as it follows the standard as it develops.

Real-time enforcement of complex authorization decisions

APS makes it possible to enforce authorization policies, i.e.dynamically changing conditions such as the time of access and the IP-address of the user,  in other data sources.

Learn more about the full benefits and features of Axiomatics Policy Server. Download APS white paper and product sheet