Managing Access Policies

Administrators can maintain a complete life cycle of policies with the Policy Administration Point (PAP) of Axiomatics Policy Server. This also supports advanced debugging of XACML policies and simulating access requests to test the results of the requests.

Enforcing Access Policies

The first step of enforcing access policies is to make an access decision for an access request based on the policies. The core component of Axiomatics Policy Server is its Policy Decision Point (PDP)* which evaluates access requests against relevant XACML policies and makes a permit or deny decision. The given access decision is then enforced by an application-specific Policy Enforcement Point (PEP). Axiomatics provides a range of PEPs for various purposes and on various platforms and application servers.

*We have developed a highly optimized PDP for version 2.0 and version 3.0 of XACML.

Auditing Access Policies

The stand-alone Axiomatics Policy Auditor is a tool for analyzing and gathering information about the effects of policies. It provides a query-answer mechanism used for verification of policies as a preventative task. This tool is designed for managers, controllers and auditors to review policies and their effects. Axiomatics Policy Server has separate functionalities for log analysis. This mechanism filters earlier access decisions and the policies that generated those results. Reports on who, under what circumstances and based on which policies have been accessed can be created using this mechanism.