The XACML policy language is almost as expressive as a natural language. However, computers are rigid and therefore the XACML grammar must be strictly adhered to. You need an editor with a complete language support. The APS Policy Administration Point (PAP) is the most advanced XACML policy authoring and debugging tool available on the market.
The Axiomatics PAP editor is a graphical user interface (GUI) for policy authoring. It comes with a rich set of features to help administrators produce XACML 3.0 conformant policies. As of Axiomatics Policy Server 5.0, Axiomatics also delivers text-based editors for policy authoring utilizing the Axiomatics Language for Authorization (ALFA).
These are some of the main characteristics of the Axiomatics PAP interface:
- Complete support for all XACML 3.0 specific functions and data types. The graphical user interface helps administrators manage all language specific features such as combining algorithms, obligations and advice, simple value-comparing conditions or advanced XPath expressions, etc.
- A tree-view provides an overview of policy sets and the policies and rules that they contain.
- Through drag-and-drop, items can be moved in the tree-view.
- Policies can be loaded for request simulations.
- Evaluation of simulated requests can be examined in a step-wise debugging tool.
The screen shot below shows a policy set loaded for simulation and debugging in the Axiomatics standard PAP GUI:
The Axiomatics standard GUI consumes the Axiomatics PAP server API to provide these features in a graphical user interface. This GUI is an advanced general-purpose XACML authoring tool. However, other policy editors can use the PAP API as well. Customers may connect editors to APS which they build themselves or use special-purpose editors provided by Axiomatics Professional Services.