TESB Authorization XACML Policy Registry - 7.1

Talend ESB Infrastructure Services Configuration Guide

Version
7.1
Language
English (United States)
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade

The XACML registry stores XACML policies using JCR/Jackrabbit, which means all backends supported by Jackrabbit can be configured. As default a file based repository is used, but it can be changed to a database-based repository, for more information see Backend configuration.

The XACML registry rest interface is used by:

  • The PDP which retrieves the policies needed to evaluate an authorization request.
  • The PAP which supports administration of XACML policies.

The XACML registry distinguishes two types of XACML policies:

  • Role policies - used to specify roles.
  • Permission policies referred to by the role policies used to specify access rules.

The XACML policy registry client used by the PDP loads all role policies into the memory in advance and supports lazy loading of permission policies.