Questions tagged [alfa]

ALFA, the Axiomatics Language For Authorization, is a domain-specific language used to write fine-grained authorization policies which are then converted into XACML 3.0.

ALFA, the Axiomatics Language For Authorization, is a domain-specific language used to simplify the authoring and development of access control policies. The ALFA language maps directly into the xacml language.

ALFA and xacml help developers and architects implement fine-grained, attribute-based access control (abac) which is an evolution / extension of the role-based access control model (rbac). ALFA and XACML can also be used to author RBAC policies.

Sample ALFA policies include:

A user with the role=editor can do the action=edit on a resource of type=document
A user with the role=publisher can do the action=approve on a resource of type=document
A user cannot do the action=approve if the author=the user

Role, action, resource type, author, user are all examples of attributes.

XACML policies can then be processed by a policy decision point (PDP).

82 questions

votes

1 answer

WSO2 XACML dynamic attribute value

I wanted to write XACML in Wso2 Identity server where i want to authorize user to access country page if user belongs to that country http://localhost:8080/Country_name. User Country 1 India 2 US 3 UK 4 Australia And user country mapping is…

authorization access-control xacml abac alfa

asked Mar 06 '18 at 10:12

priyanka goel

votes

1 answer

How to implement these rules in XACML policies?

Here is a requirement I am trying to implement via XACML/ABAC for learning purposes: Information Model Resources: Building, Unit there are many buildings (ex. B1, B2, B3, ... Bn) each building has many units (i.e. unit is the child of building)…

authorization xacml abac xacml3 alfa

asked Jul 07 '17 at 02:44

Jatin

votes

1 answer

WSO2 Identity Server - Issues with XACML V.3 Policy Set under the Try-It of PAP

I'd like to add a policy set in order to run a series of policies in sequence using a target which defines if a given policy is applicable, or not, based on the input field "resource". To begin a test I wrote a single policySet that contains one…

authorization xacml abac alfa wso2-identity-server

asked Jun 14 '16 at 18:36

Claude Falbriard

votes

1 answer

Does the ALFA XACML language have a publicly available ANTLR4 g4 grammar?

From much searching of information on XACML it would appear one of the barriers to entry is the demand the specification places on policies being implemented in a verbose XML syntax. The Axiomatics Eclipse ALFA plugin is I understand not a free…

antlr4 xacml xacml3 alfa

asked May 10 '16 at 02:57

Mark

1,059
13
25

votes

2 answers

WSO2 Identity server GUI creating different attribute id for policy and request

I have created XACML plocies with Wso2 GUI. I used Basic Policy Editor for the same. I gave following parameters For policy (in first tab I only gave Resource Name, kept other fields blank): Resource Names : https://www.xyz.com/blabla/ (in second…

wso2 rbac xacml alfa abac

asked Nov 28 '14 at 07:25

Budhh

votes

1 answer

How to use "issuer" tag in ALFA plugin?

I am writing some administrative policies on ALFA plugin but I find out there's no such function of it. Does anyone know this aspect?

delegation xacml xacml3 xacml2 alfa

asked Aug 04 '14 at 21:39

FATELLS

votes

1 answer

XACML - How to express "not male" rather than "not gender == male"

The function not in XACML asks for a boolean argument. However, I want to express a policy like "not string" such as "not male". I can't use "not gender == male" to instead that. I searched google and stackoverflow, but I failed to solve this…

xacml alfa

asked May 15 '14 at 06:10

Longxing Wei

Prev 1 2 3 4 5