
Target

Description

In XACML all the attributes are categorized into four main categories:

A target can contain more than one subject, environment, resource or action, or none of them. The target is the way to define the scope of an authorization policy. The result will be MATCHES if all the target elements defined match.

  • Attribute Designator: lets the policy specify an attribute with a given name and type, and optionally an issuer as well.
  • Attribute Value: contains a literal attribute value.
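
As an added illustration (not part of the Soffid documentation or code), the Python sketch below evaluates an XACML 2.0 target following the core specification's rules: a category that is not defined matches anything, sibling entries within a category are alternatives, and the matches inside one entry must all hold. The sample target, the user and action values and the request dictionary layout are constructed for the example; only the string-equal operator and attribute designators are handled.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
ID = "urn:oasis:names:tc:xacml:1.0:"
STR = "http://www.w3.org/2001/XMLSchema#string"
# Operators (MatchId) this sketch supports, called as fn(literal, request_value).
OPERATORS = {FN + "string-equal": lambda literal, value: literal == value}

# Constructed sample: subject-id must be "alice" and action-id "read" or "list".
# Resources and Environments are omitted, so those categories match anything.
TARGET_XML = f"""<Target xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
 <Subjects><Subject><SubjectMatch MatchId="{FN}string-equal">
   <AttributeValue DataType="{STR}">alice</AttributeValue>
   <SubjectAttributeDesignator AttributeId="{ID}subject:subject-id" DataType="{STR}"/>
 </SubjectMatch></Subject></Subjects>
 <Actions>
  <Action><ActionMatch MatchId="{FN}string-equal">
   <AttributeValue DataType="{STR}">read</AttributeValue>
   <ActionAttributeDesignator AttributeId="{ID}action:action-id" DataType="{STR}"/>
  </ActionMatch></Action>
  <Action><ActionMatch MatchId="{FN}string-equal">
   <AttributeValue DataType="{STR}">list</AttributeValue>
   <ActionAttributeDesignator AttributeId="{ID}action:action-id" DataType="{STR}"/>
  </ActionMatch></Action>
 </Actions>
</Target>"""

def match_ok(match, kind, request):
    """One <XxxMatch>: the operator must hold for some value in the request bag."""
    op = OPERATORS.get(match.get("MatchId"))
    designator = match.find(f"{NS}{kind}AttributeDesignator")
    if op is None or designator is None:
        raise ValueError("unsupported operator or attribute selector")  # fail closed
    literal = match.find(NS + "AttributeValue").text
    bag = request.get(kind, {}).get(designator.get("AttributeId"), [])
    return any(op(literal, value) for value in bag)

def target_matches(target_xml, request):
    """True when every category defined in the target matches the request."""
    target = ET.fromstring(target_xml)
    for kind in ("Subject", "Resource", "Action", "Environment"):
        container = target.find(f"{NS}{kind}s")
        if container is None:
            continue  # category not defined in the target: no restriction
        # Sibling entries are alternatives (OR); matches inside one entry are ANDed.
        if not any(all(match_ok(m, kind, request) for m in alt.findall(f"{NS}{kind}Match"))
                   for alt in container.findall(NS + kind)):
            return False
    return True
```

A request is passed as a dictionary keyed by category and then by attribute identifier, each holding a list of values; an attribute missing from the request yields an empty list and therefore no match.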


Categories

Subjects

An actor whose attributes may be referenced by a predicate.

Allows you to add one or more subjects as a target where the policy will be applied.

To configure a subject, you first need to select an attribute. You can select a value from an attribute designator list, or write the attribute selector value and select the data type.

Then, you need to select the operator, which will be used to compare or compute attributes.

And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Resources

Data, service or system component.

Allows you to add one or more resources as a target where the policy will be applied.

To configure a resource, you first need to select an attribute. You can select a value from an attribute designator list, or write the attribute selector value and select the data type.

Then, you need to select the operator, which will be used to compare or compute attributes.

And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Actions

An operation on a resource.

Allows you to add one or more actions as a target where the policy will be applied.

To configure an action, you first need to select an attribute. You can select a value from an attribute designator list, or write the attribute selector value and select the data type.

Then, you need to select the operator, which will be used to compare or compute attributes.

And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Environments

The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action.

Allows you to add one or more environments as a target where the policy will be applied.

To configure an environment, you first need to select an attribute. You can select a value from an attribute designator list, or write the attribute selector value and select the data type.

Then, you need to select the operator, which will be used to compare or compute attributes.

And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Actions

The behavior of the actions is the same in each category: subjects, actions, resources and environments.

Add new

Allows you to add a new element to the list. To add a new element, you need to click the add button, located at the end of the header, fill in the form and save the data.

Delete

Allows you to delete an element from the variable list. To delete the element, you need to click the element you want to delete, and click the button with the subtraction symbol (-) at the end of the record.

To perform that action, Soffid will ask you for confirmation. You can confirm or cancel the operation.

Close

Allows you to save the data of a new element or to update the data of a specific element. To save the data, it is mandatory to fill in the required fields.

Undo

Allows you to quit without applying any changes.

 


 

https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf