Policy-Based Access Control

From MgmtWiki
Revision as of 17:56, 3 February 2022 by Tom (talk | contribs) (Existing Languages)


Full Title or Meme

Policy-Based Access Control or PBAC is any system where Access is mediated by Access Tokens that are evaluated by a digital policy language and policy control engine.

Context

  • XACML, the most common Attribute-Based Access Control language, expanded its scope in version 3.0 to include the description Policy-Based Access Control, although the policy statement was defined in earlier versions.

Existing Languages

XACML

  • XACML 3.0 core spec.
  • This spec is written in XML with no regard for the size of the message. XML can easily be converted to JSON, and this is the spec that describes the process.
  • While it is oriented to an overly complex structure using monolithic designs, it has well-thought-out elements that should remain useful in the domain where it was applied. It is less useful in new areas of application like COVID Vaccination.
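
The following Python example is added here for illustration and is not taken from the XACML specification or from any XACML implementation. It evaluates the attributes carried in an access token against XACML-style rules (target match, Permit/Deny effect, deny-overrides combining). The rule ids, attribute names and sample requests are constructed, and the Indeterminate decision of XACML is left out as a simplifying assumption.

```python
# Added example: simplified XACML-style evaluation; all names below are constructed.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Each rule has an effect and a target: (category, attribute) -> accepted values.
POLICY = [
    {"id": "clinician-read", "effect": PERMIT,
     "target": {("subject", "role"): {"clinician"},
                ("resource", "type"): {"record"},
                ("action", "id"): {"read"}}},
    {"id": "block-bad-token", "effect": DENY,
     "target": {("subject", "token-status"): {"expired", "revoked"}}},
]

def rule_decision(rule, request):
    """Return the rule's effect if every target attribute matches, else NotApplicable."""
    for (category, attr), accepted in rule["target"].items():
        # A missing attribute never matches, so the rule does not apply.
        if request.get(category, {}).get(attr) not in accepted:
            return NOT_APPLICABLE
    return rule["effect"]

def evaluate(policy, request):
    """Policy decision point: combine rule results with deny-overrides."""
    decisions = [rule_decision(rule, request) for rule in policy]
    if DENY in decisions:
        return DENY          # one applicable Deny beats any number of Permits
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE    # no rule matched the request

def enforce(policy, request):
    """Policy enforcement point: fail closed, only an explicit Permit grants access."""
    return evaluate(policy, request) == PERMIT

# Constructed sample requests, as attributes that an access token might carry.
REQ_OK = {"subject": {"role": "clinician", "token-status": "active"},
          "resource": {"type": "record"}, "action": {"id": "read"}}
REQ_REVOKED = {"subject": {"role": "clinician", "token-status": "revoked"},
               "resource": {"type": "record"}, "action": {"id": "read"}}
REQ_UNKNOWN = {"subject": {"role": "visitor"},
               "resource": {"type": "record"}, "action": {"id": "read"}}

if __name__ == "__main__":
    for name, req in [("ok", REQ_OK), ("revoked", REQ_REVOKED), ("unknown", REQ_UNKNOWN)]:
        print(name, evaluate(POLICY, req), enforce(POLICY, req))
```

Treating NotApplicable as a refusal at the enforcement point keeps a request that no rule covers from being granted by default.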

LegalRuleML

LegalRuleML is also an OASIS spec that attempts to turn law into a machine-readable format. This wiki page is focused more on the application of the policy to access control.

Drools

  • Supposedly this is open, which apparently applies to the Java code implementation, which is at the following site.
  • Drools documentation.
  • "Drools is a Rule Engine or a Production Rule System that uses the rule-based approach to implement an Expert System. Expert Systems are knowledge-based systems that use knowledge representation to process acquired knowledge into a knowledge base that can be used for reasoning."
  • The rules supported by Drools look a lot like a domain-specific programming language, not a business rules language.

HL7 CQL

  • Clinical Quality Language (CQL) is a high-level, domain-specific language focused on clinical quality and targeted at measure and decision support artifact authors.
  • In addition, this specification describes a machine-readable canonical representation called Expression Logical Model (ELM) targeted at implementations and designed to enable sharing of clinical knowledge.

Solution

[Figure: PolicyFLows.png]

References

Other Material