PERMIS Project Web Site


PERMIS Contents

Home

Essentials Integration Projects Documents Developers Get Involved
PERMIS Policy Editor

Create a PERMIS Policy and Test it

The Policy Editor is a user friendly intuitive way of creating and editing PERMIS policies and optionally signing them and storing them in an LDAP directory. The Policy Editor can save the policy in XML format, or in X.509 Attribute Certificate format. In the latter case, you will need to have an X.509 private key, which will be used by the Policy Editor to sign the policy.

The Policy Wizard is a very user friendly way of quickly creating new PERMIS policies. The main focus of the Policy Wizard is to provide administrators with their desired PERMIS policies in the shortest time possible. Therefore advanced features that are found in the Policy Editor, such as signing and publishing (and all the cryptography functions) are not available in the Policy Wizard. When the Policy Wizard has finished, your policy can be saved as an XML text policy and then you can further edit, update and sign your policy using the Policy Editor. Before saving your policy, the Policy Wizard displays your newly created policy in natural language, so that you can confirm that it has the desired properties.

The Policy Converter is a web service package, which takes a policy in Controlled Natural Language (CNL) as input, and returns a policy in PERMIS XML, in XACML or in OWL/RDF. A interface for authoring policies in CNL is also provided in the Policy Editor. This feature can be accessed through menu item File -> New From Text.

The Policy Tester is a tool used to test PERMIS policies created by Policy Editor and Policy Wizard. Test cases can be created to simulate any users accessing any resources under any conditions, and the users will then be granted or denied access according to the specific PERMIS policy that is read into the Policy Tester. The test cases can be run in either single test mode or batch test mode. The result of running the tests are shown in the output window of the Policy Tester.

Installation Instructions
Both the Policy Editor and Policy Wizard are combined together in one download zip file. After unzipping the contents into a directory of your choice, in order to run the Policy Editor you should run the file pe.bat.  You should then enter the Tools > Configure menu. Here you can enter the details of your own LDAP and WebDAV servers, your own private signing key, and any application specific roles/attributes and environmental parameters that you wish to include in your policy. When you have finished, even if you do not make any changes to the default configuration, you should select Save All & Exit. This will create a configuration file (pe.cfg) that is needed by both the Policy Editor and the Policy Wizard. Once pe.cfg has been created you can either create a new policy or run the Policy Wizard.

The latest version of the Policy Editor and Policy Wizard combined package is available here Policy Editor, v5.2.6, with the release notes.

The latest version of the Policy Converter package is available here Policy Converter, v0.1.0, with the release notes.

The latest version of the Policy Tester package is available here Policy Tester tool, v5.0.2, with the release notes.

From following links you may find all previous releases of Policy Editor, Policy Converter and Policy Tester.


 

Policy Editor - Add-Ons

1. If you already have an installed LDAP directory with write access to it, then you will be able to store your policies in it.
2. If you already have a PKI key pair in PKCS#12 format, you will be able to digitally sign your policy prior to storing it.
3. If you already have an installed Apache WebDAV server with write access to it, then you will be able to store your policies in it.

Frequently Asked Questions

# What is the password for the sample PERMIS.P12 file?
  • Answer: "l3tM3InNow" (starts with lowercase L, not One)


Last updated 20 July 2011