The Policy Administration Point (PAP) is the system entity that creates a policy or policy set and manages them. WSO2 Identity Server can act as a PAP that provides comprehensive support for managing policies.
A XACML policy has a clearly identifiable life cycle inside a PAP.
The following illustration shows the life cycle of a policy within WSO2 Identity Server.
- We can create XACML policies using the provided editors.
- Once we are satisfied with the policy we have written, we can evaluate it against sample requests to confirm the expected behavior, without putting the policy into action in the Policy Decision Point (PDP).
- Any corrections can be made at this stage. At this point the Identity Server automatically keeps versioning the policy so that we can go back to a previous version of the policy.
- Once the above cycle comes to an end with a policy that is thoroughly tested and caters for the expected behavior, we can publish it to the PDP.
- Then we can view the available policies in the PDP and enable them as desired.
The following topics provide instructions on how to configure the PAP.
- Creating a XACML Policy
- Editing a XACML Policy
- Managing the Version of a XACML Policy
- Publishing a XACML Policy
- Viewing the Status of a XACML Policy
- Writing a XACML Policy using a Policy Template
- Configuring Access Control Policy for a Service Provider
For more information on XACML, see Access Control and Entitlement Management.