
In essence, a native policy is a custom policy/rule implementation for a specific PDP engine, such as Drools DRL rules, XACML XML policies or APEX JSON policies.

...

Dependency JAR developers should use development best practices/governance to test/deploy new and/or updated Java artifacts to the Nexus repo for the Drools PDP-D. This new Java development should go through the git review process and include the necessary JUnit tests to make sure the artifacts behave as expected.

1.2 XACML XML

XACML Policy Designers can use a text or XML editor of their choice to design and test their XACML Policies. The Github:att/XACML project has tools and a GUI available for creating policies and testing those policies.

XACML native policies are encoded in XML, which defines the access control rules required by a new XACML application. In particular, the access control rules include subject, action and resource specifications (i.e. 'subject' wants to do 'action' to 'resource'; can it be allowed?). Some of these fields can be wildcarded to match all the possibilities. The XACML policy author should compose such rules/policies in XACML XML and validate them using the test tools that are supported in the GitHub:att/XACML project. After ensuring that the newly composed XACML policy fits the need, the XACML author can call the create native policy API to insert the new XACML policy into the policy framework.
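An added example, not part of the original page and not code from ONAP or the att/XACML project: a constructed XACML 3.0 policy whose first rule matches on subject and action but leaves the resource unconstrained (the wildcard case described above), with a small pre-review check that reports which of subject, action and resource each rule leaves open. The policy id, rule ids and function names are made up for illustration, and the check is a heuristic that complements the att/XACML test tools rather than replacing them.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
CATEGORIES = {  # standard XACML 3.0 attribute categories -> field named in the text
    "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject": "subject",
    "urn:oasis:names:tc:xacml:3.0:attribute-category:action": "action",
    "urn:oasis:names:tc:xacml:3.0:attribute-category:resource": "resource",
}
# Constructed sample policy; all ids and values are made up for illustration.
SAMPLE_POLICY = """\
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
  PolicyId="urn:example:constructed:native-policy" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
 <Target/>
 <Rule RuleId="operator-read-any-resource" Effect="Permit">
  <Target><AnyOf><AllOf>
   <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">operator</AttributeValue>
    <AttributeDesignator MustBePresent="false"
      Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
      AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
      DataType="http://www.w3.org/2001/XMLSchema#string"/>
   </Match>
   <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
    <AttributeDesignator MustBePresent="false"
      Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
      AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
      DataType="http://www.w3.org/2001/XMLSchema#string"/>
   </Match>
  </AllOf></AnyOf></Target></Rule>
 <Rule RuleId="no-target-at-all" Effect="Permit"/>
</Policy>"""

def wildcard_report(policy_xml):
    """Map each RuleId to (Effect, fields its Target leaves unconstrained)."""
    report = {}
    for rule in ET.fromstring(policy_xml).findall("x:Rule", NS):
        # Heuristic: only the rule Target is inspected, not Conditions or the policy Target.
        named = {d.get("Category") for d in rule.findall("x:Target//x:AttributeDesignator", NS)}
        constrained = {CATEGORIES[c] for c in named if c in CATEGORIES}
        open_fields = sorted(set(CATEGORIES.values()) - constrained)
        report[rule.get("RuleId")] = (rule.get("Effect"), open_fields)
    return report

def overly_broad(policy_xml):
    """RuleIds of Permit rules that constrain none of subject, action, resource."""
    return [rid for rid, (effect, open_fields) in wildcard_report(policy_xml).items()
            if effect == "Permit" and len(open_fields) == 3]
```

A Permit rule that `overly_broad` returns allows every request its enclosing policy applies to, so it deserves a second look before the policy is submitted through the create native policy API.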

1.3 APEX JSON

APEX policy development includes three parts: develop the state machine transitions using the APEX language (i.e. the .apex file), develop the I/O event schema for each state (i.e. .avro files) and develop the processing logic in each state/task (i.e. JavaScript files). APEX policy developers should follow best practices to develop APEX policies and submit them for git review once they are done. The APEX command line tool can then be used to generate the executable JSON for PDP-A.

...

Apex PDP will need to be able to ingest custom Apex JSON policies. TBC with that team - may already be well-supported.

5. Sequence flows for native policy design, deployment and enforcement

...

5.1 Drools native policies supported by the PDP-D engine

Create native DRL

[Sequence flow diagram]

Update native DRL

[Sequence flow diagram]

Deploy native DRL

[Sequence flow diagram]

Undeploy native DRL

[Sequence flow diagram]

Delete native DRL

[Sequence flow diagram]

5.2 XACML native policies supported by the PDP-X engine

5.2.1 Getting XACML native policies into the Policy Framework via the Policy Lifecycle API CRUD


5.2.2 Deploying/Undeploying XACML native policies using the Policy PAP API



[Diagram: XACML Policy CRUD]




5.2.3 Enforcement of XACML native policies done by the PDP-X engine using the Decision API



5.3 Apex native policies supported by the PDP-A engine


...