What you get
You get the reference implementation of the Authorization PDP Generic Enabler (formerly called Access Control GE). As mandated by the GE specification, this implementation provides an API to get authorization decisions based on authorization policies and on authorization requests from PEPs. The API follows the REST architectural style and complies with XACML v3.0. XACML (eXtensible Access Control Markup Language) is an OASIS standard for authorization policy format and evaluation logic, as well as for the authorization decision request/response format. The terms PDP (Policy Decision Point) and PEP (Policy Enforcement Point) are defined in the XACML standard. This GEri plays the role of a PDP.
To complete the XACML architecture, you may need a PEP (Policy Enforcement Point) to protect your application; a PEP is not provided here. For REST APIs, we recommend you use the PEP Proxy by UPM available in the catalogue.
Why to get it
Providing authorization for your application is a must for security reasons. However, it is always a complex part to implement, especially for developers who are not security specialists, because it involves advanced security concepts (identity-based access control, RBAC, ABAC, etc.). Most developers embed the authorization logic within the application code, which makes it hard to maintain, evolve and integrate with external services providing extra authorization attributes. In this regard, the Authorization PDP helps you externalize the authorization logic and take advantage of flexible and standard-compliant Attribute-Based Access Control features. Combined with the Identity Management GE and the PEP proxy, this gives you a comprehensive access control solution for your application.
- Managing XACML-compliant authorization policies;
- Requesting authorization decisions based on those policies, in a XACML-compliant request-response format.
The overall label is the average of all individual labels assessed by Sep 2016.
| Documentation completeness | Very good | A++ |
| Documentation soundness | Very good | A++ |
| APIs Failure Rate | 0 tests failed/executed | A+++ |
| Detected defects by Priority | 0 average bugs priority | A+++ |
| Time to respond issues | 9,2 days | A |
| Time to fix issues | 9 days | A |
| Scalability | 1,15 response time/thread number | A++ |
| Performance | 6853,58 authorization requests per second | A++ |
| Stability | Memory/CPU are progressively increasing but no leak | A |