It is by far the most important aspect of XACML.
Most of the action in XACML takes place in a policy.
XACML is composed of many components described in Figure 1.
XACML is an attempt to bring standardization to this domain.
To implement an XACML-based authorization, you first need to write a policy.
XACML addresses the exchange of policy decisions between the PEP and the PDP.
For the PDP, the location of the XACML policy file does not need to be on-box.
Keep in mind that XACML has three top-level components: a policy, a PEP, and a PDP.
XACML is an initiative to develop a standard for access control and authorization systems.
How these authorization requests are processed internally is addressed by XACML standards.
It creates the authorization request for which you are creating all these XACML components!
XACML is a flexible standard and allows policy authors to build complex access control policies.
In this article, I have taken you through the process of creating the essential XACML components.
XACML (eXtensible Access Control Markup Language) for federated authorization and access control.
But in this scenario, you don't need the full power of XACML and will build a fairly simple policy.
Also, if you switch PDP implementations, you can re-use the XACML policies written for the old PDP.
In this case, you use the function urn:oasis:names:tc:xacml:1.0:function:string-one-and-only.
Therefore, you need to define an XSLT stylesheet transforming incoming SOAP packages into XACML requests.
With this knowledge, you can adopt XACML to handle access control in all your current and future applications.
These modules are mechanisms used by Sun's implementation of XACML to find attributes, policies, and resources.
Select and configure parameters such as the XACML version, as well as the location of the transformation script.
After you've created all of the required XACML components, you should get an authorization decision for this request.
Sun's XACML implementation is used for all the coding examples in this article (see Resources for the implementation).
The creation of the PEP is the next step in creating the XACML components required to process the authorization request.
If you created all the XACML components as described in this article, the PDP will give the Permit authorization decision.
XACML provides a mechanism called AttributeDesignator that compares the attribute values in the request and in the policy target.
A system that supports XACML is composed of two primary components: a Policy Enforcement Point (PEP) and a Policy Decision Point (PDP).
The PEP creates an XACML request and sends it to the Policy Decision Point (PDP), which evaluates the request and sends back a response.
XACML builds on SAML by providing the actual semantics used to define access control policy and authorization request and response messages.
You can capture Access Control Rules in XACML and reference life cycle states and semantic annotations such as classifications and properties.