How such high-level business requirements translate to ABAC on a technical level is not always obvious. The blog post series uses a sample application to illustrate the difference between existing, often role-based, concepts and ABAC, and to examine when the latter is warranted. The application used
The scenario we will use is that of a car dealership company. In the company, purchase orders are deemed sensitive resources and hence need to be protected. The policies we will write will revolve around purchase orders. Let’s define some vocabulary. A purchase order has an identifier,
XACML Policy Enforcement Points A policy enforcement point (PEP) in the XACML architecture is responsible for: intercepting a business request (e.g. a user web request to a backend servlet) creating an authorization request using any number of attributes available from the business request and
The XACML standard covers three major parts: Reference Architecture: The standard proposes a reference architecture with commonly accepted names for the various entities involved in the architecture. Policy Language: The standard defines the syntax for the language used to write access control rules and
(Short) Story of Access Control Access control can be thought of as a way to selectively restrict access to a specific resource. The actual process of obtaining access to the resource is known as authorization. Over the course of several decades, several models of access control systems have