Talend ESB Authorization uses the XACML standard to specify access control. Talend ESB Authorization components are based on this standard and use the HERAS_AF core as the basis of its implementation. As of this version of Talend ESB, the Talend ESB Authorization components support the following:
- PEP (Policy Enforcement Point): A CXF interceptor which intercepts access requests to a resource and enforces the authorization decision of the PDP. This will be described in the next chapter.
- PDP (Policy Decision Point): Requests the needed XACML policies from a policy repository and evaluates the request.
- Policy Repository/Registry: Stores XACML policies. The Talend XACML Registry is based on JCR (Apache Jackrabbit) and is accessed via one front end, a ATOM-based rest interface. It supports deployment, retrieval, and deletion of XACML policies.
- PAP (Policy Administration Point): A user interface for the administration of policies, described in the Talend Administration Center User Guide.
- PIP (Policy Information Point): Supply external policy context and attributes: subject credentials and attributes verification.