AuthZForce FIWARE Documentation¶
Introduction¶
AuthZForce is the reference implementation of the Authorization PDP Generic Enabler (formerly called Access Control GE). Indeed, as mandated by the GE specification, this implementation provides an API to get authorization decisions based on authorization policies, and authorization requests from PEPs. The API follows the REST architecture style, and complies with XACML v3.0. XACML (eXtensible Access Control Markup Language) is a OASIS standard for authorization policy format and evaluation logic, as well as for the authorization decision request/response format. The PDP (Policy Decision Point) and the PEP (Policy Enforcement Point) terms are defined in the XACML standard. This GEri plays the role of a PDP.
To fulfill the XACML architecture, you may need a PEP (Policy Enforcement Point) to protect your application, which is not provided here. For REST APIs, we can use the PEP Proxy (Wilma) available in the FIWARE catalogue.
Contents¶
- AuthZForce - Installation and Administration Guide
- AuthZForce - User and Programmers Guide
- Background and Detail
- User Guide
- Programmer Guide
- Attribute-Based Access Control
- Domain Management API
- Policy Administration API
- Adding and updating Policies
- Getting Policies and Policy Versions
- Removing Policies and Policy Versions
- Re-usable Policies (e.g. for Hierarchical RBAC)
- Policy Repository (PRP) Properties
- Policy Decision (PDP) Properties
- PDP Extensions
- Policy Decision API
- Fast Infoset
- Integration with the IdM and PEP Proxy GEs (e.g. for OAuth)
- Software Libraries for clients of AuthZForce or other Authorization PDP GEis