Search This Blog

Friday, February 15, 2008

Google Code Project Provides an Enterprise Java XACML Implementation

The 'enterprise-java-xacml' Google Code Project provides a high
performance XACML 2.0 implementation that can used in the enterprise
environment. A first release has been announced; the software is
made available under the Apache License 2.0. Enterprise Java XACML
intends to fully implement OASIS XACML 2.0 and will support XACML
3.0 in the future. It is a totally independent implementation. It
fully implements XACML 2.0 core standard and has passed all
conformance tests. It provides PDP that can accept XACML requests
and returns XACML responses. The software is said to offer a highly
effective target indexing mechanism that greatly speeds up policy
searching: completely cached decisions that can speed up the
evaluation, and completely cached policies that can speed up the
evaluation. It supports a plugable data store mechanism: users can
implement their own data store by implementing only a few interfaces;
a file data store implementation is provided. It features a plugable
context factory: users can implement their own context factory that
wrap request/response in a specific format, and a default
implementation is supplied. A plugable logger mechanism means users
can implement their own logger mechanism: "I've provided 2 types of
logger, one is log4j, the other is a default logger; if log4j
conflicts with user's system, they may want to use this default one."
The tool supports an extensible XACML function registering mechanism;
users can write their own functions and register them to PDP and then
use in policies. The extensible attribute retriever mechanism means
that users can write their own attribute retriever to retrieve
attributes from external systems. It provides simple PAP APIs that
can be used to produce XACML policy files; users who want write an
XACML policy administrative UI can also rely on these APIs. Both
XACML APIs and an application framework are supported, which means
users can incorporate this implementation by calling XACML APIs from
their own applications. The implementation also provides a standalone
application framework that users can start and directly send XACML
request to it for evaluation. The software is distributed with unit
tests and conformance tests against XACML 2.0. More Information

2 comments:

IT-Worx said...

Comparing to Sun's XACML implementation, what are the pros/cons of this implementation?

Pierce said...

Great question IT-Worx, you took the thoughts of my head and just wrote them here, it was the same question I was about to ask.


------------------------------------------
buy Cialis