Authorization PDP - AuthZForce

Chapter:
Security
Version:
5.4.1
Updated:
2017-02-14
Contact Person:
Cyril DANGERVILLE

AuthZForce

Quality label (assessed September 2016; the overall label is the average of the individual labels below)

Criteria                     | Value                                                        | Label
Documentation completeness   | Very good                                                    | A++
Documentation soundness      | Very good                                                    | A++
API failure rate             | 0 tests failed / executed                                    | A+++
Detected defects by priority | 0 (average bug priority)                                     | A+++
Time to respond to issues    | 9.2 days                                                     | A
Time to fix issues           | 9 days                                                       | A
Scalability                  | 1.15 (response time / thread number)                         | A++
Performance                  | 6853.58 authorization requests per second                    | A++
Stability                    | Memory/CPU use grows progressively under load, but no leak   | A

What you get

You get the reference implementation of the Authorization PDP Generic Enabler (formerly called the Access Control GE). As mandated by the GE specification, this implementation provides an API that returns authorization decisions, computed from authorization policies and from the authorization requests sent by PEPs. The API follows the REST architectural style and complies with XACML v3.0. XACML (eXtensible Access Control Markup Language) is an OASIS standard that defines the authorization policy format and its evaluation logic, as well as the format of authorization decision requests and responses. The terms PDP (Policy Decision Point) and PEP (Policy Enforcement Point) are defined in the XACML standard; this GE reference implementation (GEri) plays the role of the PDP.

To complete the XACML architecture you also need a PEP (Policy Enforcement Point) in front of your application: the PEP intercepts each access attempt, asks the PDP for a decision and enforces the answer. No PEP is provided here. For REST APIs, we recommend the PEP Proxy by UPM, available in the catalogue.

Why to get it

Authorization is a must for any application, yet it is consistently one of the hardest parts to implement, especially for developers who are not security specialists, because it involves access control models such as identity-based access control, RBAC (role-based) and ABAC (attribute-based). Most developers embed the authorization logic in the application code, which makes it hard to maintain, to evolve, and to integrate with external services that provide additional authorization attributes. The Authorization PDP lets you externalize that logic and take advantage of flexible, standards-compliant Attribute-Based Access Control. Combined with the Identity Management GE and the PEP Proxy, this gives you a comprehensive access control solution for your application.

The Authorization PDP specification defines the RESTful API of an Authorization Policy Decision Point (PDP) compliant with the OASIS XACML standard. More specifically, it defines RESTful interfaces for:
  • Managing XACML-compliant authorization policies;
  • Requesting authorization decisions based on those policies, in the XACML-compliant request/response format.
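As an added example, not AuthZForce code and not the GE's REST API, the following Python script shows what the XACML 3.0 request/response exchange described above looks like on the wire and how a PDP turns a policy plus a request into a decision. The "medical-records" policy, its two rules, the role and action attribute values, and the function names (decide, make_request, response_xml) are all constructed for illustration; the script implements only a small subset of XACML (string-equal matches and the deny-overrides rule-combining algorithm), whereas the real GE implements the full standard behind a REST endpoint.

```python
"""Toy XACML 3.0 policy decision point, added here for illustration (not AuthZForce
code). Supports only a subset: one <Policy>, <Rule> targets made of string-equal
<Match> elements, and the deny-overrides algorithm. All sample data is constructed."""
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

# Constructed sample policy: doctors may read records, nobody may delete them.
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="medical-records" Version="1.0"
        RuleCombiningAlgId="{DENY_OVERRIDES}">
  <Target/>
  <Rule RuleId="no-delete" Effect="Deny">
    <Target><AnyOf><AllOf>
      <Match MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{STRING}">delete</AttributeValue>
        <AttributeDesignator Category="{ACTION_CAT}" AttributeId="{ACTION_ID}" DataType="{STRING}" MustBePresent="false"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="read-by-doctor" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{STRING}">read</AttributeValue>
        <AttributeDesignator Category="{ACTION_CAT}" AttributeId="{ACTION_ID}" DataType="{STRING}" MustBePresent="false"/>
      </Match>
      <Match MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{STRING}">doctor</AttributeValue>
        <AttributeDesignator Category="{SUBJECT_CAT}" AttributeId="{ROLE_ID}" DataType="{STRING}" MustBePresent="false"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>"""

def make_request(role, action):
    """Constructed XACML 3.0 <Request>, as a PEP would send it for one access."""
    return f"""<Request xmlns="{XACML}" ReturnPolicyIdList="false" CombinedDecision="false">
  <Attributes Category="{SUBJECT_CAT}">
    <Attribute AttributeId="{ROLE_ID}" IncludeInResult="false">
      <AttributeValue DataType="{STRING}">{role}</AttributeValue></Attribute>
  </Attributes>
  <Attributes Category="{ACTION_CAT}">
    <Attribute AttributeId="{ACTION_ID}" IncludeInResult="false">
      <AttributeValue DataType="{STRING}">{action}</AttributeValue></Attribute>
  </Attributes>
</Request>"""

def request_bags(request_xml):
    """Index the request as {(Category, AttributeId): [values]} (XACML bags)."""
    bags = {}
    for attrs in ET.fromstring(request_xml).findall("x:Attributes", NS):
        for attr in attrs.findall("x:Attribute", NS):
            key = (attrs.get("Category"), attr.get("AttributeId"))
            bags.setdefault(key, []).extend(
                v.text for v in attr.findall("x:AttributeValue", NS))
    return bags

def match_holds(match, bags):
    """string-equal <Match>: the literal equals some value in the designated bag.
    An absent attribute is simply no match (MustBePresent="false")."""
    if match.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError(match.get("MatchId"))  # outside this toy subset
    literal = match.find("x:AttributeValue", NS).text
    d = match.find("x:AttributeDesignator", NS)
    return literal in bags.get((d.get("Category"), d.get("AttributeId")), [])

def target_matches(target, bags):
    """<Target>: every <AnyOf> holds; <AnyOf>: some <AllOf> holds; <AllOf>: every
    <Match> holds. A missing or empty <Target/> matches every request."""
    return target is None or all(
        any(all(match_holds(m, bags) for m in all_of.findall("x:Match", NS))
            for all_of in any_of.findall("x:AllOf", NS))
        for any_of in target.findall("x:AnyOf", NS))

def decide(policy_xml, request_xml):
    """Evaluate one request against the policy and return the XACML Decision."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != DENY_OVERRIDES:
        raise NotImplementedError(policy.get("RuleCombiningAlgId"))
    bags = request_bags(request_xml)
    if not target_matches(policy.find("x:Target", NS), bags):
        return "NotApplicable"
    effects = [r.get("Effect") for r in policy.findall("x:Rule", NS)
               if target_matches(r.find("x:Target", NS), bags)]
    if "Deny" in effects:  # deny-overrides: one applicable Deny rule wins
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"

def response_xml(decision):
    """The XACML 3.0 <Response> the PEP receives back from the PDP."""
    return f'<Response xmlns="{XACML}"><Result><Decision>{decision}</Decision></Result></Response>'
```

With this policy, decide(POLICY_XML, make_request("doctor", "read")) returns Permit, ("doctor", "delete") returns Deny because the Deny rule overrides, and ("nurse", "read") returns NotApplicable: no rule matched. That last case is the practical caveat for anyone wiring a PEP to this GE: the PDP does not say Deny when nothing applies, so the PEP must treat anything other than Permit as a refusal (a deny-biased PEP), otherwise a gap in the policy becomes an access grant.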
Overall label: A++
