Tutorial: A Beginner’s Guide to XACML (Part 1)

In part one of our “Beginner’s Guide to XACML” tutorial, we take a look at attribute-based access control (ABAC) and how it can be applied in a typical scenario in which sensitive records, namely purchase orders, have to be protected.

This video is part of an Axiomatics tutorial on eXtensible authorization using XACML and ALFA. Attribute-based access control (ABAC) defines a new access control paradigm in which access rights are granted to users through policies that combine attributes.

The policies can use any type of attribute (user attributes, resource attributes, etc.). Attributes can be compared to static values or to one another, which enables relation-based access control. The standard that implements attribute-based and policy-based access control is XACML, the eXtensible Access Control Markup Language.

In this tutorial we will use the ALFA plugin for Eclipse to write authorization policies that implement ABAC. The ALFA plugin for Eclipse is a tool that turns your Eclipse IDE into a dedicated editor for authorization policies written in ALFA syntax. ALFA policies can then easily be converted into real XACML 3.0 policies and loaded into your XACML policy management tool. The scenario we will use is that of a car dealership company, and the policies we will write will revolve around purchase orders.
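The two kinds of attribute comparison described above (against a static value, and attribute against attribute), sketched in Python as an added example; it is not ALFA or XACML and not code from the tutorial. The attribute names (`role`, `region`, `creator`), the two rules and the first-match ordering are assumptions chosen to fit the purchase order scenario.

```python
# Added illustration, not Axiomatics code: attribute names and values are constructed.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def attr(request, category, name):
    """Look up one attribute; None when the request does not carry it."""
    return request.get(category, {}).get(name)

def same(request, left, right):
    """Attribute-to-attribute comparison; a missing attribute never matches."""
    a, b = attr(request, *left), attr(request, *right)
    return a is not None and a == b

def on_purchase_order(request, actions):
    """Target: static comparisons on resource type and action."""
    return (attr(request, "resource", "type") == "purchase order"
            and attr(request, "action", "id") in actions)

# (name, target, condition, effect), evaluated in order; first match decides.
RULES = [
    ("no_self_approval",
     lambda r: on_purchase_order(r, {"approve"}),
     lambda r: same(r, ("user", "id"), ("resource", "creator")),
     DENY),
    ("manager_same_region",
     lambda r: on_purchase_order(r, {"view", "approve"})
               and attr(r, "user", "role") == "manager",
     lambda r: same(r, ("user", "region"), ("resource", "region")),
     PERMIT),
]

def evaluate(request):
    """Return the effect of the first rule whose target and condition hold."""
    for _name, target, condition, effect in RULES:
        if target(request) and condition(request):
            return effect
    return NOT_APPLICABLE

def is_allowed(request):
    """Enforcement point: anything other than an explicit Permit is refused."""
    return evaluate(request) == PERMIT

def make_request(user, action, resource):
    """Group attributes by category, the way an authorization request does."""
    return {"user": user, "action": {"id": action}, "resource": resource}

if __name__ == "__main__":
    alice = {"id": "alice", "role": "manager", "region": "EU"}  # constructed sample
    po = {"type": "purchase order", "creator": "bob", "region": "EU"}
    print(evaluate(make_request(alice, "approve", po)))
```

The self-approval rule is listed first so that a manager who created an order in their own region is still refused approval.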


Continue to:

A Beginner’s Guide to XACML (Part 2) Getting Started with ALFA
