Tutorial: A Beginner’s Guide to XACML (Part 1)

In part one of our “Tutorial: A Beginner’s Guide to XACML”, we take a look at attribute-based access control (ABAC) and how it can be applied in a typical scenario in which sensitive records, namely purchase orders, have to be protected.

This video is part of an Axiomatics tutorial on eXtensible authorization using XACML and ALFA. Attribute-based access control (ABAC) defines a new access control paradigm whereby access rights are granted to users through policies that combine attributes.

The policies can use any type of attribute (user attributes, resource attributes, etc.). Attributes can be compared to static values or to one another, thus enabling relation-based access control. The standard that implements attribute-based and policy-based access control is XACML, the eXtensible Access Control Markup Language.

In this tutorial we will use the ALFA plugin for Eclipse to write authorization policies that implement ABAC. The ALFA plugin for Eclipse is a tool that turns your Eclipse IDE into a dedicated editor for authorization policies written in ALFA syntax. ALFA policies can then easily be converted into real XACML 3.0 policies and loaded into your XACML policy management tool.

The scenario we will use is that of a car dealership company. The policies we will write will revolve around purchase orders.
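To make the idea of comparing attributes to static values and to one another concrete, here is an added Python sketch of an ABAC decision for the purchase-order scenario; it is not code from the tutorial and is neither ALFA nor XACML syntax. The attribute names, the three rules and the sample request are assumptions chosen for illustration; the four decision values and first-applicable rule combining follow XACML.

```python
from enum import Enum

Decision = Enum("Decision", "PERMIT DENY NOT_APPLICABLE INDETERMINATE")  # XACML decisions

class MissingAttribute(Exception):
    """Raised when a rule needs an attribute the request does not carry."""

def attr(request, category, name):
    # A missing attribute must surface as an error, not silently compare unequal.
    try:
        return request[category][name]
    except KeyError:
        raise MissingAttribute(f"{category}.{name}") from None

# Hypothetical rules, evaluated in order (first-applicable combining).
RULES = [
    # Attribute vs. static value: nobody edits a closed purchase order.
    (Decision.DENY, lambda r: attr(r, "resource", "status") == "closed"
                              and attr(r, "action", "id") == "edit"),
    # Attribute vs. attribute: a manager may act on orders of their own dealership.
    (Decision.PERMIT, lambda r: attr(r, "user", "role") == "manager"
                                and attr(r, "user", "dealership") == attr(r, "resource", "dealership")),
    # Attribute vs. attribute: a salesperson may act on orders they own.
    (Decision.PERMIT, lambda r: attr(r, "user", "role") == "salesperson"
                                and attr(r, "user", "id") == attr(r, "resource", "owner")),
]

def evaluate(request):
    """Decision point: return one of the four decision values for a request."""
    # Target: this policy only speaks about purchase orders.
    if request.get("resource", {}).get("type") != "purchase_order":
        return Decision.NOT_APPLICABLE
    for effect, condition in RULES:
        try:
            if condition(request):
                return effect
        except MissingAttribute:
            return Decision.INDETERMINATE
    return Decision.NOT_APPLICABLE

def is_allowed(request):
    # Deny-biased enforcement point: only an explicit Permit grants access.
    return evaluate(request) is Decision.PERMIT

# Constructed sample request (not from the tutorial).
SAMPLE = {"user": {"id": "alice", "role": "manager", "dealership": "north"},
          "action": {"id": "view"},
          "resource": {"type": "purchase_order", "status": "open",
                       "dealership": "north", "owner": "bob"}}
```

Because the enforcement function grants access only on an explicit Permit, a request that lacks an attribute (Indeterminate) or matches no rule (NotApplicable) is refused rather than allowed by default.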


Continue to:

A Beginner’s Guide to XACML (Part 2) Getting Started with ALFA
