IV. Implementation Guide

Technical Lessons Page

Section 3.1 presents 8 lessons in the syntax and evaluation process of XACML.  You can download all 8 lessons or browse this annotated list to select a particular lesson.

3.1.1              Basic Policy Authoring and Evaluation.  Dissect sample XACML policies and inspect their syntax.  Dissect sample XACML requests and evaluate them against the applicable policy.  Master Subject Match and Resource Match rules.  Draft a XACML request.  Review XACML responses generated by the Virtual Machine. 

3.1.2              Attribute Value Spacing Pitfall.  Dissect a sample XACML policy with a spacing error.  Review a “not applicable” XACML response.

3.1.3              Multiple Match-Predicates per Instance, Multiple Instances per Class.  Dissect sample XACML policies with multiple match-predicates and multiple instances.  Draft XACML requests that yield specified responses.

3.1.4              Referencing Resource Content.  Dissect sample XACML policies that require the evaluation of attributes in requested data.  Dissect sample XACML requests that seek access to specific data.  Dissect the XML schema and instances of the requested data.  Draft rules and requests with resource targets.  Review XACML responses generated by the Virtual Machine.

3.1.5              Rule Conditions.  Dissect sample policies that use XACML functions other than matching to enforce a wide variety of conditions.  Draft XACML policies that express conditions.

3.1.6              Aggregating Multiple Rules.  Through inspection and drafting practice, masterXACML’s rule-combining algorithms.

3.1.7              Aggregating Multiple Policies.  Through inspection and drafting practice, master the combination of policies into a policy set.  

3.1.8              Obligations.  Examine XACML’s expression of two kinds of obligations:  to write to an audit log and to notify a data owner.  Master XACML’s evaluation of obligations.

Section 3.2 provides step-by-step guidance in developing XACML policies for the sample implementation.

Section 3.3 provides step-by-step guidance in configuring and integrating the components of the sample implementation. We recommend accessing technical lessons 3.2 and 3.3 in the full download of the Implementation Guide.

Go to First Module