The Policy Administration Point (PAP) is the system entity that creates policies or policy sets and manages them. WSO2 Identity Server can act as a PAP that provides comprehensive support for managing policies.
A XACML policy has a clearly identifiable life cycle inside a PAP.
The following is an illustration of the life cycle within WSO2 Identity Server.
- We can create XACML policies using the provided editors.
- Once we are satisfied with the policy we have written, we can evaluate it for expected behavior with sample requests, without putting the policy into action in the PDP.
- If there are any corrections to be made, we can still make them. At this point, Identity Server automatically versions the policy so that we can go back to a previous version of it.
- Once the above cycle ends with a policy that is thoroughly tested and caters for the expected behavior, we can publish it to the PDP.
- Then we can view the policies available in the PDP and enable them as desired.
The following topics provide instructions on how to configure the PAP.