Search Results

Definition The PDP, Policy Decision Point, is in charge of evaluating the defined rules. The Policy Decision Point is essentially a policy compiler. The PDP must verify that the specified rules are within the scope of the rule authors authority. The PDP provi...

Dynamic role Enforcement Point Use case example We want to define a policy to restrict access to the Soffid console user's page (MainMenu > Administration > Resources > Users). The users who are assigned to the SOFFID_RRHH role (from this point forward: end...

Role centric Enforcement Point Use case example We want to define a policy to restrict access to the Soffid console role's page (MainMenu > Administration > Resources > Roles). The users who belong to the "enterprise" group as primary group (from this point...

Description In XACML all the attributes are categorized into four main categories: Subjects Resources Actions  Environments A target can contains more than one subject, environment, resource or action or none of them. The target is the way to define...

Description A rule is the most elementary unit of policy. It may exist in isolation only within one of the major actors of the XACML domain. In order to exchange rules between major actors, they must be encapsulated in a policy. A rule can be evaluated on t...

Description Variables are the elements to define functions that may be used througthout the policy. Screen overview Related objects Policy Expressions Standard attributes Variable name: Name to identify the variable. Expressions: Any elemen...

Description Condition represents a Boolean expression that refines the applicability of the rule beyond the predicates implied by its target.  Therefore, it may be absent. Screen overview Related objects Policy Expressions Standard attributes ...

Web Policy Enforcement Point Use case example We want to define a policy to restrict access to some pages of the Soffid console. The users who are assigned to the SOFFID_RRHH role (from this point forward: end-users) will have limitations to access to some ...

Description A PolicySet is a container that can hold other Policies or PolicySets, as well as references to policies found in remote locations. Every PolicySet contains a target and obligations, both can be empty. The target contains the subjects, resou...

Description The policy reference is used to reference a policy element. The reference is made by id of the policy. However, the mechanism for resolving a policy set reference to the corresponding policy  is outside the scope of this specification. Related ob...

Description The policy set reference is used to reference a policy set element. The reference is made by id of the policy set. However, the mechanism for resolving a policy set reference to the corresponding policy set is outside the scope of this specificati...

Description XACML defines obligations as actions that have to be returned to the PEP with the PDP response XACML . If the PDP's evaluation is viewed as a tree of rules, policy sets and policies, each of which returns "Permit" or "Deny", then the set of obl...

Description The PEP, Policy enforcement point,  is a component of policy-based management, where enforce the policies. It is the component that serves as the gatekeeper to access a digital resource. The PEP gives the PDP, Policy Decision Point, the job of dec...

Definition The rule-combining algorithm defines a procedure for arriving at an authorization decision given the individual results of evaluation of a set of rules XACML rule combining algorithms is in charge to combine the decisions produced by different...

What is XACML? XACML "eXtensible Access Control Markup Language" is an open standard XML based language. The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to...

Description Soffid Console provides a graphical interface, with a hierarchy structure, that allows the management of Policy Decision Points in a easy way. You can create new policy sets, policies, policy set references and policy references. To start you onl...

Description A Policy represents a single access control policy, expressed through a set of Rules. Screen overview Related objects Policy set Target Variables Rules Obligations Standard attributes Policy set Identifier: identify the polic...

Description The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy.  Related objects Variables Condition...

Password Vault Policy Enforcement Point Use case example 1 We want to define a policy to restrict access to the Soffid Password Vault. The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform ...