Questions tagged [xacml]

XACML is the eXtensible Access Control Markup Language, an open standard for specifying and evaluating authorization and access control policies.

XACML is the eXtensible Access Control Markup Language, an open standard for specifying and evaluating of authorization and access control policies. The standard is managed by the OASIS XACML Technical Committee. The XACML 3.0 standard was ratified and released in January 2013.

XACML implements an access control model called attribute-based access control or .

The OASIS committee has identified and defined several ancillary profiles that extend the core XACML 3.0 specification for specific domains, such as the Administration and Delegation Profile, the SAML Profile, the Core and Hierarchical Role Base Access Control (RBAC) Profile, the Intellectual Property Control (IPC) profile, and the Export Compliance-US (EC-US) Profile. All of these profiles are defined on the OASIS site.

The XACML 2.0 standard was ratified in February 2005. A significant difference between the 2.0 and 3.0 standards is that 2.0 uses distinct XML element tags to separate attributes into subject, resource, action, or environment categories whereas 3.0 uses XML attributes to associate items with categories. In XACML 3.0 it's easier to define application-specific categories and the attribute processing model is more unified than in XACML 2.0.

XACML 3.0 also introduces Advice and makes Obligations more dynamic through the introduction of variables in the Obligation element.

412 questions
0
votes
1 answer

How to Retrieve an resource:root-resource-id in SampleResourceFinderModule from request

i have a scenario in which i am sending resource:root-resource-id from request as below
Naveen Rayappa
  • 119
  • 3
  • 17
0
votes
1 answer

How to handle Descendant Resources in XACML 3.0?

I am working on XACML 3.0.Can anyone suggest how to handle descendant resources in XACML3.0 Hierarchical resource scenario?
Nadendla
  • 712
  • 2
  • 7
  • 17
0
votes
1 answer

XACML Policy based on Resource and Child Resources

Hi I need a policy where I can have multiple child resources. Policy is based on Resource where the Top level Resource is Customer and the child resources corresponding to that is 1. firstname , 2. lastname Customer -- -- 1.…
Utsav
  • 1,593
  • 4
  • 22
  • 46
0
votes
1 answer

Adding new Entitlement Policy in wso2is

I'm using wso2is and trying to add new entitlement policy.It's configuration is as follws:
user3129056
  • 447
  • 3
  • 6
  • 19
0
votes
1 answer

XACML policy based on subject yields NotApplicable

Hi I have created policy using Wso2 identity server. This policy is based on the subject i.e. the email utsav@domain.com. While evaluating its giving result as not applicable. Please help me on the same.... Policy Format
Utsav
  • 1,593
  • 4
  • 22
  • 46
0
votes
1 answer

How to understand XACML Response?

I worked with the below policy and i am unable to understand the XACML Response. The policy which i am using is
Nadendla
  • 712
  • 2
  • 7
  • 17
0
votes
1 answer

XACML 3.0 multiple PEP and PDP instances

I am using XACML 3.0 I just want to know which is the best practices for separating the PEP and PDP instances. I have three scenarios here which one is best as per the cloud way of implementation. I have one instance of PEP which will communicate…
Utsav
  • 1,593
  • 4
  • 22
  • 46
0
votes
1 answer

how to distribute PEP and PDP in XACML as a service call

I am using WSO2 Balana XACML 3.0. I want to distribute my PEP and PDP as a service so that I can host multiple instances of PEP and PDP on the virtual machine. What is the best way to achieve this and how can I handle multiple PEP and PDP?
Utsav
  • 1,593
  • 4
  • 22
  • 46
0
votes
1 answer

How to use OpenAz ServiceFactory method?

I am using OpenAz as PEP client for my project but I am confused about it's serviceFactory. Can you please share a code snippet how to create a service in openAz. I believe it's done through->…
Helios
  • 851
  • 2
  • 7
  • 22
0
votes
3 answers

SOAP Header Errors in JAVA Web Service

I'm new for Web Service Development, I'm trying to implement the JAVA web service using XACML approach. I've implemented 2 very simple web services which contain one method that return a String and also the PEP who will filter all requests to my web…
N87UW
  • 21
  • 4
0
votes
1 answer

uploading xacml policy not working

I try to run the following XACML policy containing XPath function:
Mars
  • 15
  • 3
0
votes
1 answer

WSO2 Identity Server - Role management

I have few doubts on configuring RBAC in WSO2: are supported hierarchical roles? is it possible to associate different roles to a user depending to a different authorization contexts? I.e. in DeptA a user can access a certain resource since having…
0
votes
1 answer

Fine grained access control with XACML 3.0 for an XML document

I want to express a fine-grained access control use case with XACML 3.0 for an XML document but I don't know whether I can use a full XPath expression like for $a in fn:distinct-values(sales/clientid)return (fn:sum(sales[clientid = $a]/value) This…
Mars
  • 15
  • 3
0
votes
1 answer

XACML policy location

Is it possible to store XACML policies anywhere in the file system (e.g. c:\users\simo\projects\project1\policies)? if the answer is yes how to configure the jbossxacml-config.xml ? I have tried this but it does not work.
user2824999
  • 13
  • 1
  • 6
0
votes
2 answers

How to evaluate an XACML Policy

Does anyone know the details about how to evaluate the XACML Policy? Actually, I've written one policy like the following, but when I tried to evaluate with Trylt tool, it always failed with the "Indeterminate". This is my first time to write an…