xacml

The following rule says subjects with role "acme_manager" can perform any action on the resource "/acme/widgets": <Rule Effect="Permit" RuleId="PermitRule"> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/acme/widgets</AttributeValue> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema

I'm going to secure my Spring Cloud Application with OAuth2 and XACML (using AuthZForce, Balana, AT&T XACML or something similar). I want to use the microservices from Spring-Cloud(-Netflix). To make XACML available I think that I need this: PEP for each existing API-service PDP's as new services, that are used by PEP's. Because Spring-Cloud(-Netflix) has load-balancing functions (Eureka) I need to register this services on Eureka and implement a REST-API. Because all PDP's should use the same policies, they need to be stored centrally (Policy Provider) Which framework is most suitable for

I'm novice with the XACML world. I've read some documentation regarding JSON and REST profiles of the v3.0 standard but everything I can find is related to XACML requests and responses and not policies (which is the part I'm interested in). Is there any documentation about how should XACML policies be defined using a JSON profile instead of the traditional XML format? No there isn't at the moment. The JSON profile of XACML only deals with XACML requests and responses. The idea behind the profile is to provide a more lightweight way of sending and receiving XACML requests / responses. Since

I am very new to XACML. And I am using XACML to express policy. But I can't find any good examples except a few from the OASIS XACML Technical Committee . Ok, here is my question: I want to express policy using XACML. Users can access to the resources only if they satisfy the policy. The policy is an logical expression. For example: (not A1) and (A2 OR A3) and (2 of (A4, A5,A6)) 2 of (A4,A5,A6) refers that it is true only if 2 or more of A4,A5,A6 is true. "AllOf" and "AnyOf" can be used to express "AND" and "OR", but I don't know how to express "2 of (A4,A5,A6)" and "not A1". Thank you! Based