HERAS-AF Forum
Welcome, Guest. Please login or register.
Did you miss your activation email?
May 20, 2012, 10:42:08 am

Login with username, password and session length
Search:     Advanced search
Welcome to the HERAS-AF Forum...
373 Posts in 89 Topics by 272 Members
Latest Member: Jasmine
* Home Help Search Login Register
+  HERAS-AF Forum
|-+  HERAS-AF XACML
| |-+  HERAS-AF XACML Core (Moderators: René Eggenschwiler, Florian Huonder)
| | |-+  Tools for policy generation		 « previous next »
Pages: [1] Print
Author Topic: Tools for policy generation  (Read 195 times)
kanchanna
Newbie
*
Posts: 6


View Profile
« on: January 16, 2012, 06:52:34 pm »
Do you have documents or tools for policy generation?
Logged
René Eggenschwiler
Administrator
Jr. Member
*****
Posts: 63



View Profile
« Reply #1 on: January 16, 2012, 06:58:29 pm »
Hi,

It depends on what kind of "generation" you mean?
We do not provide a Policy Administration Point (meaning a user interface for policy editing) thats generates policies.
We edit our policies either in XML or use our Java classes (those are very XML-oriented because they are based on JAXB) and do then marshal them to XML.

Maybe you could explain a little bit more on your target or intent?

Best regards,
René
Logged
kanchanna
Newbie
*
Posts: 6


View Profile
« Reply #2 on: January 17, 2012, 05:03:33 pm »
Thanks for the reply.
I need some documentation or tutorial on how the policies are created in XML. Do you have any such documentation?
Logged
René Eggenschwiler
Administrator
Jr. Member
*****
Posts: 63



View Profile
« Reply #3 on: January 17, 2012, 06:54:54 pm »
Hi,

How to design policies depends heaviliy on your use case.

Let us make an example by taking natural language as a metapher:
The XACML specification defines the grammar of the policy language and define how to interprete/evaluate it. The vocabulary has to be defined by the writer.

So in my opinion I don't think that you will find a simple "how to write a policy" tutorial that will help you.

I think it will be the easiest way to read through the XACML specification (e.g. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf). Especially the non-normative parts (Chapter 1-4) explain XACML very well.
You could also look through example policies you'll find on the internet.

Then I would suggest you to use an XML-Editor that supports schema validation for writing policies by yourself.

Florian has written a thesis that deals about an approach on "how could policies being analysed/developed" (see http://www.herasaf.org/uploads/theses/2008/2008_fall_MasterStudentResearchProject_Analysis_of_Access_Control_Policies.pdf).
He made also a case study in that thesis. Maybe that could help you.

Regards,
René
Logged
kanchanna
Newbie
*
Posts: 6


View Profile
« Reply #4 on: January 18, 2012, 10:00:36 am »
Hi,
Thanks again.

I am looking for some library that would help composition of the policies readily using the subject, subject-attributes, action and resource, resource-attributes fields.
Logged
René Eggenschwiler
Administrator
Jr. Member
*****
Posts: 63



View Profile
« Reply #5 on: January 18, 2012, 12:56:34 pm »
Hi,

Unfortunately we don't have such a convinience API for creating policies.
But you could wirte such a convinience layer based on our policy types in our API.

In another post I made an example for creating requests: http://forum.herasaf.org/index.php/topic,132.msg371.html#msg371
The creation of policies would be analogue for policy types.

You can refer to our javadoc: http://maven.herasaf.org/herasaf-release/org/herasaf/xacml/core/herasaf-xacml-core/1.0.0-M2/herasaf-xacml-core-1.0.0-M2-javadoc.jar
Starting points are PolicyType and PolicySetType. All according types could be found in the package org.herasaf.xacml.core.policy.impl

Best regards,
René
Logged
kanchanna
Newbie
*
Posts: 6


View Profile
« Reply #6 on: January 19, 2012, 12:50:56 pm »
Thanks a million. That is helpful.
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!