How to convert CSV or XML to XACML based on Role Based Access Controll(RBAC)?

Question

I have a problem with my thesis, my problem is as below, I hope you can help me.

I have an xml, as shown below

the meaning of the xml is:

"role:siasn-instance:profilasn:viewprofile" (for your information "role:siasn-instance:profilasn:viewprofil" is the name of the role) with role id 1, which is in the application "Service profile ASN" can access or have permissions to access the points below:
- url : "/tampilanData/pns", label: "Profile Pegawai", subMenu: "pns"
- url : "/tampilanData/pppk", label: "Profile Pegawai PPPK", subMenu: "pppk"

I want to convert the XML to xacml based on rbac, can you help me to convert it to XACML as much as you can? because there are still 30 rows XML more that I have to convert to XACML

Thank you

Please share any relevant code by editing your Question - [instead of a screenshot](https://meta.stackoverflow.com/questions/285551/why-not-upload-images-of-code-errors-when-asking-a-question). Fewer people are likely to reproduce your issue without having your code in a copyable form. — tjheslin1, Nov 17 '21 at 09:08

score 0 · Answer 1 · answered Nov 17 '21 at 00:04

You're going to have to write your own logic. For instance, you can create a very simple XACML (or alfa) policy that has a target that combines both the user's role and the URL they have access to. It would look something like the following:

<Rule RuleId="c01d7519-be21-4985-88d8-10941f44590a" Effect="Permit">
<Description>Allow access to a given URL for a given role</Description>
<Target>
    <AnyOf>
        <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">your role value</AttributeValue>
                <AttributeDesignator
                    Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                    AttributeId="role"
                    MustBePresent="false"
                    DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </Match>
        </AllOf>
    </AnyOf>
    <AnyOf>
        <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">17:00:00</AttributeValue>
                <AttributeDesignator
                    Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                    AttributeId="targetURL"
                    MustBePresent="false"
                    DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
            </Match>
        </AllOf>
    </AnyOf>
</Target>

You can use XML manipulation libraries if you want to go 'raw'. You can even take XACML 3.0's schema to generate POJOs to create XML. Alternatively you could use AuthzForce's Java implementation of XACML.

If you go down the path of ALFA (easier to read), you can definitely create your own script (in whatever text manipulation language you prefer e.g. sed or Python...) to go from your CSV to ALFA.

How to convert CSV or XML to XACML based on Role Based Access Controll(RBAC)?

1 Answers1