The Policy Administration Point (PAP) is the system entity that creates and manages policies and policy sets. WSO2 Identity Server can act as a PAP that provides comprehensive support for managing policies.
A XACML policy has a clearly identifiable life cycle inside a PAP.
The following is an illustration of the life cycle within WSO2 Identity Server.
- We can create XACML policies using the provided editors.
- Once we are satisfied with the policy we have written, we can evaluate it for expected behavior with sample requests without putting the policy into action in the Policy Decision Point (PDP).
- We can make any corrections at this stage. At this point, the Identity Server will automatically keep versioning the policy so that we can go back to a previous version of the policy.
- Once the above cycle comes to an end with a policy that is thoroughly tested and caters for the expected behavior, we can publish it to the PDP.
- Then we can view the policies available in the PDP and enable them as desired.
The following topics provide instructions on how to configure the PAP.
- Creating a XACML Policy
- Editing a XACML Policy
- Managing the Version of a XACML Policy
- Publishing a XACML Policy
- Viewing the Status of a XACML Policy
- Configuring Access Control Policy for a Service Provider
- Writing a XACML Policy using a Policy Template