XACML AuthzForce - 评估非 XACML 3.0 格式的请求

Question

I want to use the policy decision point (PDP) of AuthzForce to evaluate requests (reference: https://github.com/authzforce/core#java-api ). These requests are not in the XACML 3.0 format, but in the XML format with additional elements which are not part of XACML. The requests contain all elements of the XACML 3.0 format and additional ones (like dataSource, purpose, ...).

Is there a way to use the PDP of AuthzForce with requests which are not in the XACML 3.0 format?

I have an already existing XML format, looking like this (simplified): https://www.codepile.net/pile/zJrq1XeA

Now I want to extend it to also support access control using XACML. My initial idea was to add the XACML elements to the XML file, but then the question arrises whether I can still evaluate it with eg AuthzForce. The purposeList would be my PolicySet, the purpose a Policy and under purpose I would include my rules.

Answer 1

No there isn't. There isn't any XACML engine (be it AuthZForce or another) that can understand anything but XACML. You have to respect the XACML format so that the PDP can process the request.

The XML format of the XACML request does allow for arbitrary XML Content. Additionally, you can add any number of attributes with any value (any format) which can then be processed by an attribute connector (eg an XML parser, a JSON parser).

To further help you, we'd need to see an example of what you have in mind and why you want to use a PDP and yet not respect the XACML standard.