In part one of our XACML beginners' tutorials, we take a look at attribute-based access control (ABAC) and how it can be applied in a typical scenario in which sensitive records, namely purchase orders, have to be protected.

This video is part of an Axiomatics tutorial on eXtensible authorization using XACML and ALFA. Attribute-based access control (ABAC) defines a new access control paradigm in which access rights are granted to users through policies that combine attributes.

The policies can use any type of attribute (user attributes, resource attributes, etc.). Attributes can be compared to static values or to one another, thus enabling relation-based access control. The standard that implements attribute-based and policy-based access control is XACML, the eXtensible Access Control Markup Language.

In this tutorial we will use the ALFA plugin for Eclipse to write authorization policies that implement ABAC. The ALFA plugin for Eclipse is a tool that turns your Eclipse IDE into a dedicated editor for authorization policies written in ALFA syntax. ALFA policies can then easily be converted into real XACML 3.0 policies and loaded into your XACML policy management tool. The scenario we will use is that of a car dealership company. The policies we will write will revolve around purchase orders.
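
The two kinds of comparison described above (an attribute against a static value, and one attribute against another) can be modelled in plain Python for the purchase-order scenario. This is an added example, not ALFA or XACML syntax and not taken from the Axiomatics tutorial; the roles, dealership names, rules and the first-applicable ordering are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

Request = Dict[str, Dict[str, str]]  # category -> attribute name -> value


@dataclass
class Rule:
    name: str
    target: Callable[[Request], bool]     # does the rule apply to this request?
    condition: Callable[[Request], bool]  # must hold for the effect to be returned
    effect: str                           # "Permit" or "Deny"


def attr(req: Request, category: str, name: str) -> Optional[str]:
    # A missing attribute resolves to None, so equality checks on it never match.
    return req.get(category, {}).get(name)


def same_dealership(req: Request) -> bool:
    # Attribute-to-attribute comparison: user and record must belong together.
    user_site = attr(req, "user", "dealership")
    return user_site is not None and user_site == attr(req, "resource", "dealership")


# Hypothetical rules for the car-dealership scenario (assumed, not from the tutorial).
RULES = [
    Rule("deny-other-dealership", lambda r: True,
         lambda r: not same_dealership(r), "Deny"),
    Rule("manager-approves", lambda r: attr(r, "action", "id") == "approve",
         lambda r: attr(r, "user", "role") == "manager", "Permit"),   # static value
    Rule("staff-view", lambda r: attr(r, "action", "id") == "view",
         lambda r: attr(r, "user", "role") in ("manager", "salesperson"), "Permit"),
]


def evaluate(req: Request) -> str:
    # Policy target: only purchase orders are in scope.
    if attr(req, "resource", "type") != "purchase order":
        return "NotApplicable"
    for rule in RULES:  # the first applicable rule decides
        if rule.target(req) and rule.condition(req):
            return rule.effect
    return "NotApplicable"


def is_allowed(req: Request) -> bool:
    # The enforcement point treats anything other than Permit as a refusal.
    return evaluate(req) == "Permit"


def make_request(role, user_site, action, po_site="north", rtype="purchase order"):
    # Builds a constructed sample request.
    return {"user": {"role": role, "dealership": user_site},
            "action": {"id": action},
            "resource": {"type": rtype, "dealership": po_site}}
```

Because the dealership check comes first and treats a missing user attribute as a mismatch, a request that omits the user's dealership is denied rather than falling through to a role-based permit.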

If you have questions or would like further information on Axiomatics Authorization Solutions, please contact us.