XACML authorisation tool chain

The XACML authorisation tool chain is a set of modules.

The policy decision point (PDP) is the core component of the XACML solution. It is built around an evaluation engine that computes the result of the queries sent by a policy enforcement point (PEP) by interpreting policies written in the XACML language.

The policy information point (PIP) is effectively the mind of the authorisation server. It knows how to obtain the attributes referenced in the XACML policies while those policies are being evaluated, using a set of connectors that retrieve attribute values from external repositories. New connectors were developed for ComVantage: SPARQL endpoint, RDF file and property files.

The policy enforcement point (PEP) is the part of an application that controls access to its resources. Before executing an action on a resource, it sends the subject, resource and action attribute values describing the access to the PDP, and "enforces" the returned decision. EVIDIAN has specified an API that simplifies the submission of requests to the PDP.

The policies are defined in the policy administration point (PAP). The EVIDIAN PDP supports several sources of policies. To facilitate the use of the platform, a built-in policy administration has been developed for ComVantage. This PAP is built on the basic RBAC data model.

The policy retrieval point (PRP) is the component that retrieves the policies that should be applied to a request. Two PRPs were developed for ComVantage: an SQL repository that works with the built-in PAP, and a SPARQL repository that works with the modelling outcomes.
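The division of work between PEP, PDP, PIP and PRP described above can be traced in a small model. This is an added illustration, not EVIDIAN's API or ComVantage code: every function name, the sample property data, the RBAC rules, the deny-overrides combining and the fail-closed PEP behaviour are assumptions made for the example.

```python
PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

# Constructed sample data: a property-file attribute source for the PIP connector.
PROPERTIES = "alice.role=maintenance-engineer\nbob.role=guest\n"

# Constructed RBAC rules as a PAP might store them: (role, resource, action, effect).
RBAC_POLICIES = [
    ("maintenance-engineer", "machine-data", "read", PERMIT),
    ("guest", "machine-data", "read", DENY),
]

def property_file_pip(text):
    """PIP connector (hypothetical): resolve subject attributes from key=value lines."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        subject, dot, name = key.strip().rpartition(".")
        if sep and dot and not line.lstrip().startswith("#"):
            attrs.setdefault(subject, {})[name] = value.strip()
    return lambda subject, name: attrs.get(subject, {}).get(name)

def prp(resource, action):
    """PRP: return only the policies that apply to this resource and action."""
    return [p for p in RBAC_POLICIES if p[1] == resource and p[2] == action]

def pdp(subject, resource, action, pip):
    """PDP: evaluate the applicable policies; a Deny overrides any Permit."""
    policies = prp(resource, action)
    if not policies:
        return NOT_APPLICABLE            # no policy targets this request
    role = pip(subject, "role")          # attribute fetched during evaluation
    if role is None:
        return INDETERMINATE             # required attribute could not be resolved
    effects = [effect for r, _, _, effect in policies if r == role]
    if DENY in effects:
        return DENY
    return PERMIT if PERMIT in effects else NOT_APPLICABLE

def pep(subject, resource, action, pip):
    """PEP: allow the action only on an explicit Permit (fail closed)."""
    return pdp(subject, resource, action, pip) == PERMIT
```

A PEP that treated NotApplicable or Indeterminate as success would grant access whenever a policy or an attribute source was missing, which is why this sketch allows only an explicit Permit.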
