XACML 2.0 implementation for the NERC DataGrid
- XACML 2.0 implementation for CEDA (the Centre for Environmental Data Archival)
STFC, Rutherford Appleton Laboratory. This is follow on work from the NERC (Natural Environment Research Council) DataGrid 3 Project.
XACML (eXtensible Access Control Mark-up Language), is an XML based language for expressing access control policies.
Added support for custom DataTypes and functions. e.g.
# Add attribute value type
AttributeValueClassFactory.addClass(‘<my new type uri’, MyAttributeValueClass)
# …and new parser for this type
DataTypeReaderClassFactory.addReader(‘<my new type uri’, ETreeMyDataTypeReaderClass)
# Add new function
functionMap[‘<my function type uri’] = MyNewFunctionClass
Includes important fixes for equals functions, and improvement to at least one member functions. Unit tests improved with wider coverage of different rule definitions and example request contexts.
Improved and added to support for context handler and Policy Information Point interfaces including the ability for the PDP to call back to a PIP via a Context handler to retrieve additional subject attributes.
Only the parts of the specification immediately required for CEDA have been implemented in this initial release: Policy Decision Point; Deny overrides and Permit overrides rule combining algorithms; AttributeDesignators; various function types: see ndg.xacml.core.functions; and attribute types: see ndg.xacml.core.attribute; incomplete support for <AttributeSelector>s, <VariableReference>, <VariableDefinition>. <Obligations>; includes an ElementTree based parser for Policies. No support for writing out policies or read/write of XML representation of <Request> and <Response>;
See ndg.xacml.test for unit tests and examples.
The software follows a modular structure to allow it to be extended easily to include new parsers, functions and attribute types
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.