How to Implement ABAC Access Control using NGAC

I want to implement the ABAC access control model using the Policy Machine or Next Generation Access Control (NGAC), which provides a general and unified framework to support different types of attribute-based policies with its different components (PEP, PDP, PAP, PIP). I'm using Java as the language and I'm looking for documentation or GitHub repositories that can help me.



Solution 1:[1]

If your primary requirement is to implement an ABAC model and not to specifically use Policy Machine or NGAC, I can point you to the open source ABAC engine SAPL.

On the website you can find full documentation, and links to the GitHub repository with the engine and a wide range of primarily Spring-based demo applications in Java. SAPL implements all the ABAC components you are looking for (PEP, PDP, PAP, PIP). The engine is extensible and you can plug in custom domain-specific PIPs. You can use embedded PDPs for performance or remote PDPs for central administration. Disclaimer: I am the lead developer of the engine.

Direct links to:

Solution 2:[2]

You can visit https://github.com/PM-Master. You will find the implementation of the Policy Machine in Java as well as in Golang.

Solution 3:[3]

The PM-Master project linked by @c12simple began as a standalone Java project out of NIST called Harmonia.

The implementation here may have some helpful components for you in Java.

https://github.com/PM-Master/Harmonia-1.6

As for documentation to help you model ABAC in NGAC, there are some heavy technical documents from the NGAC specifications that may be of some use. They can be pretty dense and dry though.

There were a number of documents that were all consolidated/replaced by INCITS 565. Below is a link to the draft that went out for public comment.

https://standards.incits.org/apps/group_public/download.php/112076/livelink

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 user3166645
Solution 2 c12simple
Solution 3 john.landa