XACML Response validation - 7.1

Talend ESB Infrastructure Services Configuration Guide


Once the XACML Request described in the previous section has been created, it must be dispatched to the PDP (as covered in the next few sections). The PDP evaluates the Request, constructs a XACML Response, and returns it to the client.

The PDP can return a decision of Permit, Deny, NotApplicable or Indeterminate. Access is allowed only if the decision of the PDP is Permit; for any other decision, the PEP throws a CXF AccessDeniedException. The PDP can also return an Obligations element that is defined in the relevant policy as part of the request. A PEP is supposed to grant access on a Permit decision only if it can satisfy all Obligations. The TESB PEP does not support Obligations by default, but it does have a pluggable way of handling an Obligations element if required.

An example of a XACML response is given below.

<Response
   xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os">
   <Result>
       <Decision>Permit</Decision>
       <Status>
           <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
       </Status>
   </Result>
</Response>
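
The decision rule described above (access only on Permit, and only when every Obligation can be satisfied) can be sketched as a fail-closed check. This is an added example, not Talend or CXF code: the class and method names, the requirement of exactly one Result, and the obligation id `urn:example:audit` are assumptions made for illustration, and a real PEP would throw an access-denied exception where this returns false.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XacmlResponseCheck {
    static final String CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    // True only for exactly one Result with Decision Permit whose Obligations
    // are all in supportedIds; every other outcome, parse errors included, denies.
    static boolean isAccessAllowed(String xml, Set<String> supportedIds) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            NodeList results = doc.getElementsByTagNameNS(CTX, "Result");
            if (results.getLength() != 1) return false;
            Element result = (Element) results.item(0);
            NodeList decisions = result.getElementsByTagNameNS(CTX, "Decision");
            if (decisions.getLength() != 1) return false;
            if (!"Permit".equals(decisions.item(0).getTextContent().trim())) return false;
            // Match Obligation in any namespace so an unexpected prefix cannot hide one.
            NodeList obligations = result.getElementsByTagNameNS("*", "Obligation");
            for (int i = 0; i < obligations.getLength(); i++) {
                String id = ((Element) obligations.item(i)).getAttribute("ObligationId");
                if (!supportedIds.contains(id)) return false;
            }
            return true;
        } catch (Exception e) {
            return false; // fail closed: an unreadable Response is never a Permit
        }
    }
    public static void main(String[] args) {
        // Constructed sample Responses; the obligation id is a made-up placeholder.
        String head = "<Response xmlns=\"" + CTX + "\"><Result><Decision>";
        String tail = "</Result></Response>";
        String permit = head + "Permit</Decision>" + tail;
        String obliged = head + "Permit</Decision><Obligations xmlns=\"urn:oasis:names:tc:xacml:2.0:policy:schema:os\">"
            + "<Obligation ObligationId=\"urn:example:audit\" FulfillOn=\"Permit\"/></Obligations>" + tail;
        Set<String> none = Set.of();
        System.out.println("permit: " + isAccessAllowed(permit, none));
        System.out.println("deny: " + isAccessAllowed(head + "Deny</Decision>" + tail, none));
        System.out.println("unsupported obligation: " + isAccessAllowed(obliged, none));
        System.out.println("supported obligation: " + isAccessAllowed(obliged, Set.of("urn:example:audit")));
        System.out.println("malformed: " + isAccessAllowed("<Response>", none));
    }
}
```

Only the plain Permit and the Permit with a supported obligation yield true. Deny, an unsupported obligation and the malformed document all yield false.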