Difference between revisions of "Policy-Based Access Control"
From MgmtWiki
(→References) |
(→XACML) |
||
Line 9: | Line 9: | ||
===XACML=== | ===XACML=== | ||
* [http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.doc XACML 3.0 core spec.] | * [http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.doc XACML 3.0 core spec.] | ||
− | * This spec is written in XML with no regard of size of the message. | + | * This spec is written in XML with no regard of size of the message. XML can easily be converted to json and this is the spec that describes the process. |
− | * While it is oriented to an overly complex structure using monolithic designs, it has well-thought out elements that should remain useful. | + | * While it is oriented to an overly complex structure using monolithic designs, it has well-thought-out elements that should remain useful in the domain where it was applied. It is less useful in new areas like application of areas like [[COVID Vaccination]]. |
===Drools=== | ===Drools=== |
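Review bot: the sentence added to the first changed XACML bullet ends with "this is the spec that describes the process", but the bullet gives no link or title for a conversion spec, and the only link in the section is the XACML 3.0 core spec, so a reader cannot tell which document is meant. Name and link the spec that covers the XML to JSON conversion, and write "JSON" in capitals. In the second changed bullet, "in new areas like application of areas like [[COVID Vaccination]]" repeats itself and should be cut to one phrase, for example "in new areas of application like [[COVID Vaccination]]".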
Revision as of 17:53, 3 February 2022
Full Title or Meme
Policy-Based Access Control or PBAC is any system where Access is mediated by Access Tokens that are evaluated by a digital policy language and policy control engine.
Context
- XACML, the most common Attribute-Based Access Control language, expanded its scope in version 3.0 to include the description Policy-Based Access Control, although the policy statement was defined in earlier versions.
Existing Languages
XACML
- XACML 3.0 core spec.
- This spec is written in XML with no regard for the size of the message. XML can easily be converted to JSON and this is the spec that describes the process.
- While it is oriented to an overly complex structure using monolithic designs, it has well-thought-out elements that should remain useful in the domain where it was applied. It is less useful in new areas of application like COVID Vaccination.
Drools
- Supposedly this is open, which apparently applies to the Java code implementation, which is at the following site.
- Drools documentation.
- "Drools is Rule Engine or a Production Rule System that uses the rule-based approach to implement an Expert System. Expert Systems are knowledge-based systems that use knowledge representation to process acquired knowledge into a knowledge base that can be used for reasoning."
- The rules supported by Drools look a lot like a domain-specific programming language, not a business rules language.
HL7 CQL
- Clinical Quality Language (CQL) is a high-level, domain-specific language focused on clinical quality and targeted at measure and decision support artifact authors.
- In addition, this specification describes a machine-readable canonical representation called Expression Logical Model (ELM) targeted at implementations and designed to enable sharing of clinical knowledge.
Solution
References
Other Material
- For policy applied at the web page origin see the wiki page on Content Security Policy.