XACML-Studio (XS) is an authorization policy editor for creating, editing, importing from XML and exporting to XML policies defined by the XACML 2.0 specification [1]. XS is a web application that runs on the Rails [2] platform.
Picture 1. Main Screen
All policies are stored in a MySQL database. Each XML element that is defined in XACML 2.0's "urn:oasis:names:tc:xacml:2.0:policy:schema:os" namespace is mapped to a database object. This approach makes the policy repository searchable. Each policy or policy set in the repository can be used as a template for building a new policy or policy set. Copy/Paste operations are applicable to any object stored in the repository, making it easy to use existing policy fragments as building blocks for new policies. There are two paste operations available: deep and shallow. The former copies the selected node and all descendants, while the latter copies the selected node only.
Picture 2. Copy/Paste
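The difference between the two paste operations matters for what a pasted fragment authorizes. The following Ruby sketch is an added example, not XS's own code: it models the repository as rows with an assumed layout (id, parent_id, element, attrs), implements both pastes, and lists rules that end up with neither a Target nor a Condition. The class and method names are hypothetical.

```ruby
# Added example. The row layout (id, parent_id, element, attrs) is an assumed
# schema, not XS's own.
class PolicyRepo
  Node = Struct.new(:id, :parent_id, :element, :attrs)

  def initialize
    @rows = {}
  end

  def add(parent_id, element, attrs = {})
    id = @rows.size + 1
    @rows[id] = Node.new(id, parent_id, element, attrs.dup)
    id
  end

  def children(id)
    @rows.values.select { |n| n.parent_id == id }
  end

  # The node itself, then every descendant (parents before children).
  def subtree(id)
    [@rows.fetch(id)] + children(id).flat_map { |c| subtree(c.id) }
  end

  # Shallow paste: the selected node only.
  def paste_shallow(src_id, dest_id)
    src = @rows.fetch(src_id)
    add(dest_id, src.element, src.attrs)
  end

  # Deep paste: the selected node and all descendants. The subtree is read
  # in full before any insert, so pasting into the source's own subtree ends.
  def paste_deep(src_id, dest_id)
    id_map = {}
    subtree(src_id).each do |n|
      parent = n.id == src_id ? dest_id : id_map.fetch(n.parent_id)
      id_map[n.id] = add(parent, n.element, n.attrs)
    end
    id_map.fetch(src_id)
  end

  # Rules under root_id that have neither a Target nor a Condition child.
  def unconstrained_rules(root_id)
    subtree(root_id).select do |n|
      n.element == 'Rule' &&
        children(n.id).none? { |c| %w[Target Condition].include?(c.element) }
    end
  end
end
```

In XACML 2.0 a Rule without its own Target takes the enclosing policy's target, and a Rule without a Condition is treated as having a true condition, so a Permit rule pasted shallowly applies to everything its new parent policy matches. Running `unconstrained_rules` on the destination policy after a paste shows which copies lost their constraints.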
The XS UI is implemented with the EXT JavaScript library [3]. EXT UI elements such as Tree View and Grids are used to render the policy's objects hierarchically and to show each object's properties. Partial data loading is used to avoid transmitting too many policy objects to the browser in one HTTP request: only a limited number of top-level policy objects are loaded in each request. More data is loaded when a user expands a tree node or presses the "next/previous" button to navigate through top-level objects.
Picture 3. Next/Previous
Policies can also be filtered using the "Filter" options. Currently the policy or policy set ID and description fields are used for filtering.
Picture 4. Filtering
To see all descendants of a selected object, use the "Expand All" menu item:
Picture 5. Expand All
A context menu is associated with each tree node. The menu contains all functions that are available for the current node (e.g. multiple "New" items).
Picture 6. Context Menu
To reduce native XACML verbosity, short names and symbols are used for data types and function names. A user doesn't need to remember the full function name or data type; she can select them from a predefined list with short and more intuitive names.
Picture 7. Choosing Function ID
Picture 8. Choosing Data Type
A user can import a policy or policy set from an existing XML document. One policy set is predefined in XS and is used as a pseudo root for all other policies and policy sets. After a policy is imported, all its XML elements become database objects in the policy repository and can be used as building blocks for other policies. Any XS object that exists in the policy repository can be exported back to an XML file.
Picture 9. Importing an XML
Picture 10. Exporting an XML
XS has been tested on Windows and Linux/Debian with the following Rails configuration:
By default the server runs in 'development' mode. To run it in 'production' mode, uncomment the following line in <ROOT>/config/environment.rb:
# ENV['RAILS_ENV'] ||= 'production'
If you run the server in production mode, make sure that the production database user is given administrative permissions. If everything was installed successfully, XS should be available at http://localhost:3000/xs/index.html
To add a new user to XACML-Studio, first edit the SMTP settings in <ROOT>/config/environments/development.rb (or production.rb), because an email notification is used when a new user is added. By default, all users have read-only permission to the policies. If you need full read-write access to the system, register as a super user with the user ID 'admin'. To change the default super user ID, edit the following line in the same *.rb file:
XS_Config.super_users = ['admin']
Note: the WWW::Mechanize Perl module is required to run this script
To export policy sets use:
To export policies use:
Note: the WWW::Mechanize Perl module is required to run this script
XS has been tested by importing all policies from the XACML 2.0 conformance test suite [4], exporting them back to XML files and validating the exported files with the XACMLight [5] PDP engine.
# | Type | URL |
---|---|---|
1. | Download Page | http://sourceforge.net/project/showfiles.php?group_id=243604 |
2. | Subversion Trunk | https://xacml-studio.svn.sourceforge.net/svnroot/xacml-studio/trunk |
Eclipse [6] and Aptana Studio [7] have been used as the major development tools for creating XS.