Difference between revisions of "Policy-Based Access Control"

From MgmtWiki
Jump to: navigation, search
(XACML)
(XACML)
Line 8: Line 8:
 
==Existing Languages==
 
==Existing Languages==
 
===XACML===
 
===XACML===
* [http://docs.oasis-open.org/xacml/3.0/errata01/os/xacml-3.0-core-spec-errata01-os.doc XACML 2.0 core spec.]
+
* [http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.doc XACML 3.0 core spec.]
 +
* This spec is written in XML with no regard of size of the message. It can easily be converted to json and this a a spec that describe the process.
 +
* While it is oriented to an overly complex structure using monolithic designs, it has well-thought out elements that should remain useful.
 +
 
 
===Drools===
 
===Drools===
 
  (which is open)
 
  (which is open)

Revision as of 15:00, 13 December 2021

Full Title or Meme

Policy-Based Access Control or PBAC is any system where Access is mediated by Access Tokens that are evaluated by a digital policy language and policy control engine.

Context

  • The most common Attribute-Based Access Control language XACML expanded their scope in version 3.0 to include the description Policy-Based Access Control although policy statement was defined in earlier versions.

Existing Languages

XACML

  • XACML 3.0 core spec.
  • This spec is written in XML with no regard of size of the message. It can easily be converted to json and this a a spec that describe the process.
  • While it is oriented to an overly complex structure using monolithic designs, it has well-thought out elements that should remain useful.

Drools

(which is open)

HL7 CQL

Solution

PolicyFLows.png

References