XACML policies - 7.1

Talend ESB Infrastructure Services Configuration Guide


For its Authorization feature, Talend ESB uses three types of XACML policies: the Role Policies, the Permission Assignment Policies, and the Permission Policies. Their roles can be summarized as follows:

  1. A PDP receives a request from a PEP, which contains the resource, action, role, date, and some other optional data.

  2. The PDP first goes through its Role Policies and tries to match the given role name.

  3. If it finds a match, then it finds the Permission Policies that are referenced via the Permission Assignment Policy associated with the Role Policy.

  4. It matches these policies against the request: the resource and the action name.

  5. If they all match, then the authorization decision is "permit".

    Otherwise, it is "deny" or "indeterminate".
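
The lookup chain in steps 1 to 5 can be modeled in a few lines. The following Python sketch is an added example, not Talend or XACML engine code: the policy names and contents are constructed, the date and optional request data are ignored, and the rule for returning "indeterminate" (a malformed request or a referenced Permission Policy that cannot be resolved) is an assumption of this model.

```python
# Simplified model of the three-tier lookup; all policy data below is constructed.
# Role Policies: role name -> id of the associated Permission Assignment Policy.
ROLE_POLICIES = {"clerk": "pa-clerk", "auditor": "pa-auditor", "intern": "pa-intern"}
# Permission Assignment Policies: ids of the Permission Policies they reference.
PERMISSION_ASSIGNMENTS = {
    "pa-clerk": ["perm-orders-rw"],
    "pa-auditor": ["perm-orders-ro", "perm-missing"],  # second reference is dangling
    "pa-intern": [],
}
# Permission Policies: the (resource, action) pairs each one permits.
PERMISSION_POLICIES = {
    "perm-orders-rw": {("OrderService", "read"), ("OrderService", "write")},
    "perm-orders-ro": {("OrderService", "read")},
}

def decide(request):
    """Return 'permit', 'deny' or 'indeterminate' for a PEP request dict."""
    # Step 1: the request must carry at least role, resource and action.
    try:
        role, resource, action = request["role"], request["resource"], request["action"]
    except KeyError:
        return "indeterminate"  # assumption: a malformed request cannot be evaluated
    # Step 2: match the role name against the Role Policies.
    assignment_id = ROLE_POLICIES.get(role)
    if assignment_id is None:
        return "deny"
    # Step 3: follow the Permission Assignment Policy to its Permission Policies.
    unresolved = False
    for perm_id in PERMISSION_ASSIGNMENTS.get(assignment_id, []):
        permitted = PERMISSION_POLICIES.get(perm_id)
        if permitted is None:
            unresolved = True  # referenced policy does not exist
            continue
        # Step 4: match resource and action name against the policy.
        if (resource, action) in permitted:
            return "permit"  # step 5
    # Assumption: an unresolved reference makes a non-permit result indeterminate.
    return "indeterminate" if unresolved else "deny"

def pep_allows(request):
    """PEP side: fail closed, so only an explicit 'permit' grants access."""
    return decide(request) == "permit"
```

The PEP helper treats "deny" and "indeterminate" identically, so a broken policy reference never results in access being granted.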