XACML implementation

I am new to XACML policy. Can you tell me how to implement XACML policies? I tried different APIs. But for my project, I need to implement an XACML evaluation engine. So can you help me by providing implementation details? Which language is best suited for implementing an assessment mechanism?

Thanks in advance.

+4
3 answers

I assume that implementing the XACML evaluation engine is not an easy task. You need to go through the XACML specification https://www.oasis-open.org/committees/xacml/ and execute an implementation based on it. It would be better if you could find an already implemented authorization mechanism based on XACML.

Balana is one of the implementations of XACML (with a partial XACML 3.0 version), which is an open source Java-based project.

Therefore, you can use it freely, and you can find the source kernel from https://svn.wso2.org/repos/wso2/trunk/commons/balana/ .

Also, if you really want to implement the new XACML engine, you can go to the Balana source code and get an idea of the implementation or reuse of the source code. More information about Balana and XACML can be found in this blog post at http://xacmlinfo.com/ . I think Java will be an easy language to solve, since you need to work with a lot of XML materials.

+8

You want to see existing XACML implementations.

Listed below are all open source versions available today:

  • Sun XACML: provides a partial implementation of XACML 2.0
  • Heras AF: provides a compatible implementation of XACML 2.0 ( http://www.herasaf.org/heras-af-xacml.html )
  • Balana: as mentioned earlier, provides a partial implementation of XACML 3.0

The following are vendor implementations:

  • Axiomatics policy server: full implementation of XACML 2.0 and XACML 3.0 - also confirmed by compatibility (the XACML 3.0 editor works here). Certification of implementation: https://lists.oasis-open.org/archives/xacml/201010/msg00002.html
  • IBM DataPower: Contains XACML 2.0 Engine
  • Quest: Thanks to their acquisition of Bitkoo, they also have XACML support.
  • Oracle

All of the open source implementations described above are Java. Axiomatics and Bitkoo also provide a C# mechanism.

If you want to do it yourself, you want to generate XACML objects from the XACML schema using JAXB. But that will not give you value logic.

+4
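
A sketch of the evaluation logic that schema-generated classes leave out, as an added example that is not part of the answers above or of any project named on this page: Python, standard library only, evaluating one XACML 3.0 Policy whose rules carry only string-equal target matches, combined with deny-overrides. The sample policy, the short attribute ids `role` and `action-id`, and the request-as-dictionary shape are constructed assumptions; unsupported constructs raise an error instead of being ignored.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
X = "{" + NS + "}"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"

def _match(cat, attr, value):  # writes one <Match> element of the constructed sample policy
    return (f'<Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{XS_STRING}">{value}'
            f'</AttributeValue><AttributeDesignator Category="{cat}" AttributeId="{attr}" '
            f'DataType="{XS_STRING}" MustBePresent="false"/></Match>')

# Constructed sample: staff are permitted, but "delete" is denied for everyone.
POLICY = f"""<Policy xmlns="{NS}" PolicyId="docs" Version="1.0" RuleCombiningAlgId="{DENY_OVERRIDES}">
 <Target/>
 <Rule RuleId="staff-permit" Effect="Permit"><Target><AnyOf><AllOf>{_match(SUBJECT, 'role', 'staff')}</AllOf></AnyOf></Target></Rule>
 <Rule RuleId="no-delete" Effect="Deny"><Target><AnyOf><AllOf>{_match(ACTION, 'action-id', 'delete')}</AllOf></AnyOf></Target></Rule>
</Policy>"""

def match_holds(match, request):
    des = match.find(X + "AttributeDesignator")
    if match.get("MatchId") != STRING_EQUAL or des.get("MustBePresent") != "false":
        raise ValueError("unsupported Match: " + str(match.get("MatchId")))
    wanted = match.find(X + "AttributeValue").text
    bag = request.get((des.get("Category"), des.get("AttributeId")), [])
    return wanted in bag  # true if any value in the attribute bag equals the literal

def target_matches(owner, request):
    target = owner.find(X + "Target")
    if target is None:
        return True
    # AnyOf elements are ANDed, their AllOf children ORed, the Matches inside an AllOf ANDed;
    # an empty <Target/> therefore matches every request.
    return all(any(all(match_holds(m, request) for m in all_of.findall(X + "Match"))
                   for all_of in any_of.findall(X + "AllOf"))
               for any_of in target.findall(X + "AnyOf"))

def evaluate(policy_xml, request):
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != DENY_OVERRIDES or policy.find(f".//{X}Condition") is not None:
        raise ValueError("policy uses a construct this sketch does not evaluate")
    if not target_matches(policy, request):
        return "NotApplicable"
    effects = {r.get("Effect") for r in policy.findall(X + "Rule") if target_matches(r, request)}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
```

The request is a dictionary mapping `(category, attribute id)` to a list of values. A deny-biased enforcement point treats every result other than `Permit` as a refusal.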

Not sure what you mean by "Rating." Do you have access requests that need to be evaluated to determine if access is granted?

To this end, I was able to quickly launch WSO2 Identity Server to compile XACML 3.0 policies and verify its access control requests.

Server: http://wso2.com/products/identity-server/

Blog that helped me: http://xacmlinfo.com/2012/06/13/pdp-pep-communication-wso2is/

+1
