I am a novice with XACML policies. Can you tell me how to implement XACML policies? I have tried different APIs, but for my project I need to implement an XACML evaluation engine. So, can you help me by providing the implementation details? Which language would be best suited for implementing the evaluation engine?
Thanks in advance.
Not sure what you mean by 'Evaluation'. Do you have access requests that need to be evaluated in order to determine whether or not access is granted?
For that purpose, I was able to run WSO2 Identity Server quickly, to compose XACML 3.0 policies and have it check the access control requests.
The server: http://wso2.com/products/identity-server/
The blog that helped me out: http://xacmlinfo.com/2012/06/13/pdp-pep-communication-wso2is/
I guess implementing an XACML evaluation engine is not an easy task. You need to go through the XACML specification at https://www.oasis-open.org/committees/xacml/ and do the implementation based on it. It would be better if you can find an already implemented XACML-based authorization engine.
"Balana" is one of the XACML implementations (with partial XACML 3.0 version), which is a Java-based open source project.
Therefore you can use it freely, and you can find the source code at https://svn.wso2.org/repos/wso2/trunk/commons/balana/.
Also, if you really want to implement a new XACML engine, you can go through the Balana source code and get some idea of the implementation or reuse its source code. More details on Balana and about XACML can be found in this blog at http://xacmlinfo.com/. I guess Java would be an easy language to deal with, as you need to work with more XML stuff.
In terms of policy editing, there is a handy tool that you can use: ALFA (https://www.axiomatics.com/blog/how-can-i-use-policy-references-in-alfa/). This is an Eclipse plugin that enables you to convert the policy into XACML format.
You want to look at XACML implementations that exist today.
The following are all open source implementations available today:
The following are vendor implementations:
All of the open source implementations cited above are Java. Axiomatics and Bitkoo also provide a C# engine.
If you wanted to go your own, you'd want to generate the XACML objects from the XACML schema using JAXB. But that wouldn't give you the evaluation logic though.
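To show what the "evaluation logic" mentioned above involves, here is an added sketch that is not part of the original thread and not taken from Balana or any other engine: rule evaluation plus the XACML 3.0 deny-overrides rule-combining algorithm. The names `MiniPdp`, `Rule` and `denyOverrides`, the flat attribute map, and the use of an exception to model a missing attribute are all assumptions made for illustration; it needs Java 16+ for records.

```java
import java.util.*;
import java.util.function.Predicate;

// Hypothetical sketch (not Balana or WSO2 code); requires Java 16+ for records.
public class MiniPdp {
    // XACML 3.0 decisions, including the extended Indeterminate values.
    enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDET_D, INDET_P, INDET_DP }
    enum Effect { PERMIT, DENY }

    // A rule reduced to target, condition and effect over a flat attribute map.
    record Rule(Effect effect, Predicate<Map<String, String>> target,
                Predicate<Map<String, String>> condition) {
        Decision evaluate(Map<String, String> req) {
            try {
                if (!target.test(req) || !condition.test(req)) return Decision.NOT_APPLICABLE;
                return effect == Effect.PERMIT ? Decision.PERMIT : Decision.DENY;
            } catch (RuntimeException e) {
                // Evaluation error (modelled as an exception on a missing attribute):
                // Indeterminate, tagged with the effect the rule could have produced.
                return effect == Effect.PERMIT ? Decision.INDET_P : Decision.INDET_D;
            }
        }
    }

    // deny-overrides rule-combining algorithm.
    static Decision denyOverrides(List<Rule> rules, Map<String, String> req) {
        EnumSet<Decision> seen = EnumSet.noneOf(Decision.class);
        for (Rule rule : rules) {
            Decision d = rule.evaluate(req);
            if (d == Decision.DENY) return Decision.DENY; // any Deny wins outright
            seen.add(d);
        }
        boolean indetD = seen.contains(Decision.INDET_D);
        boolean indetP = seen.contains(Decision.INDET_P);
        boolean permit = seen.contains(Decision.PERMIT);
        if (seen.contains(Decision.INDET_DP) || (indetD && (indetP || permit))) return Decision.INDET_DP;
        if (indetD) return Decision.INDET_D;
        if (permit) return Decision.PERMIT;
        return indetP ? Decision.INDET_P : Decision.NOT_APPLICABLE;
    }

    public static void main(String[] args) {
        List<Rule> rules = List.of( // constructed sample policy
            new Rule(Effect.PERMIT, r -> "read".equals(r.get("action")), r -> "doctor".equals(r.get("role"))),
            new Rule(Effect.DENY, r -> true, r -> r.get("clearance").equals("revoked")));
        System.out.println(denyOverrides(rules, Map.of("action", "read", "role", "doctor", "clearance", "ok")));
        System.out.println(denyOverrides(rules, Map.of("action", "read", "role", "doctor", "clearance", "revoked")));
        System.out.println(denyOverrides(rules, Map.of("action", "read", "role", "doctor"))); // clearance missing
    }
}
```

The third request is the case to watch: the Deny rule cannot be evaluated, so the Permit from the first rule is not returned and the combined result is Indeterminate{DP}, which a deny-biased PEP treats as a refusal.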