Standalone Authorisation Server

Version 0.3.2

The standalone authorisation server is a Web Services based authorisation server. It can be used as an AIPEP [1] or Credential Validation Service [2] or PDP to respond to an application's request for authorisation related services such as an authorisation decision, credential validation, and/or obligation enforcement.

It is a Java-based application with an embedded Apache Axis2 service that accepts requests for authorisation services using three standardised protocols, with messages sent using SOAP over HTTP or SOAP over HTTPS. The first of these protocols is an XACML request/response context [3]. The second is XACML over SAML [4], and the third is WS-Trust and SAML [5]. This server supports the use of multiple policies when the XACML over SAML or WS-Trust and SAML message handlers are queried.

As of version 0.2.1 you can also deploy the service in a servlet container like Tomcat. This helps you take full advantage of Tomcat's capabilities, although not all features are currently available when deploying within Tomcat. See the documentation for more details.

As of version 0.2.1 the software completely supports BTG policies [6] and the use of obligations.

As of version 0.3.2 the software now supports Blacklist and Whitelist policies.

As of version 0.3.3 the software now supports an additional parameter in the policy "EnableNotApplicable". This parameter allows the PDP two modes of operation:

In the case of a DenyBased (Blacklist) policy the behaviour is inverted.

We do not currently release a software client for the server ourselves. Instead, we recommend the use of the ZXID software available from here, which can be used as a compatible SAML XACML client for Apache web servers.

We also provide an example PHP script which makes a pure XACML call via SOAP to the authorization server. This can be downloaded here.
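For the pure XACML-over-SOAP call described above, the client (PEP) side has to decide what to do with each possible decision and with any obligations returned. The following is an added example, not the project's PHP script or any PERMIS code: it assumes SOAP 1.1 and XACML 2.0 namespaces (the page does not state which versions the server uses), and the sample responses and the obligation id are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces: SOAP 1.1 envelope, XACML 2.0 context and policy schemas.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ctx": "urn:oasis:names:tc:xacml:2.0:context:schema:os",
    "pol": "urn:oasis:names:tc:xacml:2.0:policy:schema:os",
}

def enforce(soap_xml, understood_obligations=frozenset()):
    """Deny-biased PEP check: return (allow, reason); allow only on a clean Permit."""
    if "<!DOCTYPE" in soap_xml:
        return False, "DTD not allowed"          # refuse entity-expansion tricks
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return False, "unparseable response"
    results = root.findall("./soap:Body/ctx:Response/ctx:Result", NS)
    if len(results) != 1:
        return False, "expected exactly one Result"
    decision = results[0].findtext("ctx:Decision", default="", namespaces=NS).strip()
    if decision != "Permit":                     # Deny, NotApplicable, Indeterminate, missing
        return False, "decision=" + (decision or "missing")
    # A Permit carrying an obligation the PEP cannot fulfil is treated as a denial.
    for ob in results[0].findall("pol:Obligations/pol:Obligation", NS):
        if ob.get("ObligationId") not in understood_obligations:
            return False, "unhandled obligation " + str(ob.get("ObligationId"))
    return True, "permit"

def sample(decision, obligations=()):
    """Constructed sample response; not captured from a real server."""
    obs = "".join('<pol:Obligation ObligationId="%s" FulfillOn="Permit"/>' % o
                  for o in obligations)
    if obs:
        obs = "<pol:Obligations>%s</pol:Obligations>" % obs
    return ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:ctx="%(ctx)s" xmlns:pol="%(pol)s">'
            '<soap:Body><ctx:Response><ctx:Result><ctx:Decision>%(d)s</ctx:Decision>%(o)s'
            '</ctx:Result></ctx:Response></soap:Body></soap:Envelope>'
            ) % dict(NS, d=decision, o=obs)

if __name__ == "__main__":
    audit = "urn:example:obligation:audit"       # constructed obligation id
    for d, obs, known in [("Permit", (), ()), ("NotApplicable", (), ()),
                          ("Permit", (audit,), ()), ("Permit", (audit,), (audit,))]:
        print(d, obs, "->", enforce(sample(d, obs), frozenset(known)))
```

Treating NotApplicable and Indeterminate as denials at the client keeps enforcement fail-closed regardless of how the policy side is configured.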

The release is configured with two test PERMIS RBAC policies that can be used to test the service. For information on how to configure and use the server please refer to the user documentation provided below:

This version of the PERMIS standalone server supports the latest schema which can be found here.

  • Downloads
  • Documentation
  • References

  • Note. Future releases of this package will add support for

  • Change Log