Target
Description
In XACML all the attributes are categorized into four main categories: subject, resource, action and environment.
A target can contain more than one subject, environment, resource or action, or none of them. The target is the way to define the scope of an authorization policy. The result will be MATCHES if all the target elements defined match.
- Attribute Designator: lets the policy specify an attribute with a given name and type, and optionally an issuer as well.
- Attribute Value: contains a literal attribute value.
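How a target built from attribute designators, operators and literal values is evaluated, as an added example that is not Soffid code. It follows the XACML 2.0 core specification and goes slightly beyond the text above: several entries of one category are treated as alternatives, and a category that is not defined matches any request. The user name, the action names and the helper names `_match`, `_eval` and `target_matches` are constructed for the example, and only the `string-equal` operator is implemented.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
STR = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

def _match(kind, attr_id, value):
    # One <SubjectMatch>/<ActionMatch>: operator (MatchId), literal value, attribute designator.
    return (f'<{kind}Match MatchId="{EQ}"><AttributeValue DataType="{STR}">{value}</AttributeValue>'
            f'<{kind}AttributeDesignator AttributeId="{attr_id}" DataType="{STR}"/></{kind}Match>')

# Constructed sample target: subject "alice" (invented), action "read" or "query".
# No resources or environments are defined, so those categories are unrestricted.
TARGET_XML = (
    '<Target xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">'
    f'<Subjects><Subject>{_match("Subject", SUBJECT_ID, "alice")}</Subject></Subjects>'
    f'<Actions><Action>{_match("Action", ACTION_ID, "read")}</Action>'
    f'<Action>{_match("Action", ACTION_ID, "query")}</Action></Actions>'
    '</Target>')

def target_matches(target_xml, request):
    """request maps attribute id -> set of values. True when the target matches."""
    target = ET.fromstring(target_xml)
    for kind in ("Subject", "Resource", "Action", "Environment"):
        section = target.find(f"{NS}{kind}s")
        if section is None:
            continue  # category not defined in the target: it matches any request
        # Entries of one category are alternatives; every match inside an entry must hold.
        if not any(all(_eval(m, kind, request) for m in entry.findall(f"{NS}{kind}Match"))
                   for entry in section.findall(f"{NS}{kind}")):
            return False
    return True

def _eval(match, kind, request):
    if match.get("MatchId") != EQ:
        raise ValueError("only string-equal is implemented in this example")
    literal = match.find(f"{NS}AttributeValue").text
    attr_id = match.find(f"{NS}{kind}AttributeDesignator").get("AttributeId")
    # The literal is compared with every value the request carries for that attribute.
    return literal in request.get(attr_id, set())
```

A policy whose target does not match is out of scope for the request, so an overly broad target (for example one with no subjects defined) widens the set of requests the policy applies to.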
Screen
Related objects
Categories
Subjects
An actor whose attributes may be referenced by a predicate.
Allows you to add one or more subjects as a target where the policy will be applied.
To configure a subject, first of all you need to select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.
Then, you need to select the operator, which will be used to compare or compute attributes.
And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.
Resources
Data, service or system component.
Allows you to add one or more resources as a target where the policy will be applied.
To configure a resource, first of all you need to select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.
Then, you need to select the operator, which will be used to compare or compute attributes.
And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.
Actions
An operation on a resource.
Allows you to add one or more actions as a target where the policy will be applied.
To configure an action, first of all you need to select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.
Then, you need to select the operator, which will be used to compare or compute attributes.
And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.
Environments
The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action.
Allows you to add one or more environments as a target where the policy will be applied.
To configure an environment, first of all you need to select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type. The
Then, you need to select the operator, which will be used to compare or compute attributes.
And finally, you need to set a value, with which the attribute will be computed or compared. The value data type depends on the attribute data type.
Actions
The behavior of the actions is the same in each category: subjects, actions, resources and environments.
Add new | Allows you to add a new element to the list. To add a new element, click the add button located at the end of the header, fill in the form and save the data. |
Delete | Allows you to delete an element from the variable list. To delete the element, click the element you want to delete, and then click the button with the subtraction symbol (-) at the end of the record. Before performing that action, Soffid will ask you for confirmation; you can confirm or cancel the operation. |
Close | Allows you to save the data of a new element or to update the data of a specific element. To save the data, it is mandatory to fill in the required fields. |
Undo | Allows you to quit without applying any changes. |
https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf