This repository has been archived by the owner on Dec 5, 2023. It is now read-only.
generated from EOEPCA/um-service-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Policy Language
Alvaro Villanueva edited this page Nov 14, 2022
·
8 revisions
- ⏬ Getting Started
- ⏬ Deploy and Configure the Policy Decision Point
- ⏬ Chart Configuration
- ⏬ Integration Guide
- ⏬ Policy Management
▶️ Policy Language (this page)- ⏬ Terms and Conditions API
- ⏬ Policy Checks
- ⏬ Policy Decision Endpoint API
Each policy is XACML document that follows a specific template. The fields for this template are:
| Field | Type | Detail |
|---|---|---|
| name | String | Name of the policy |
| description | String | Short description of policy aim |
| config | JSON Object | Policy configuration object |
| scopes | String List | Authentication Service scopes to associate with this policy |
The "config" value is a JSON object that follows the following format:
| Field | Type | Detail |
|---|---|---|
| resource_id | String | Unique Identification of the resource associated with this policy |
| action | String | Action that this policy allows |
| rules | JSON Object | Applied rules to this policy |
Here is an example of the rules JSON object, where a passed user_name must be equal to the user_name registered with this resource:
{
"AND": [ {
"EQUAL": {
"user_name" : user_name
}
}
]
}And here is an example of a complete policy, using the above policy configuration:
{
"name": "My Beautiful Policy",
"description": "This is an ownership enforcement policy",
"config": {
"resource_id": "d290f1ee-6c54-4b01-90e6-288571188183",
"action": "view",
"rules": [
{ "AND": [ {"EQUAL": {"user_name" : user_name } }] }
]
},
"scopes": [
"public",
"myOtherAttr"
]
}⏭️ Next step: Terms and Conditions API