Typical project structure and metadata
To author XACML policies using ALFA, a set of metadata declarations is needed. Typically an ALFA project will need the following types of artifacts to author policies.
- XACML data types
- Operators
- Functions
- Combining algorithms
- Attribute categories
- Attributes
- Files with custom attribute declarations
- Files with custom advice and obligation declarations
- Files with the policies themselves
The system.alfa file provides standard declarations for the artifacts listed above.
It is possible to define custom data types, operators, functions, combining algorithms and attribute categories, but it is typically not necessary.
There are two recommended ways to organize namespaces.
For small projects, an artifact type structure works well. A namespace called "Attributes" is used for custom attribute declarations, whereas namespaces called "Obligations" and "Advice" are used for custom obligation and advice declarations respectively. The policies can be in a namespace called "Policies".
For larger projects, or if there are multiple projects, it is recommended that the namespaces are organized according to domain. The following is an example:
- Namespace "User" for subject attributes.
- Namespace "Document" for attributes, obligations and advice relating to resources in document management.
- Namespace "Export" for attributes related to export control legislation.
- Namespace "PortalA" for policies for the application called "Portal A".
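The domain-based layout above, sketched in ALFA as an added example (not taken from the original page or from any real project). All attribute names, URN identifiers and the policy itself are hypothetical; `subjectCat`, `resourceCat`, `environmentCat` and `firstApplicable` are assumed to come from the standard declarations in system.alfa.

```alfa
// Added example: every name and URN below is a constructed placeholder.
namespace User {
    // Subject attributes live in their own domain namespace.
    attribute clearance {
        id = "urn:example:user:clearance"
        type = integer
        category = subjectCat
    }
}
namespace Document {
    // Resource attributes and advice for document management.
    attribute classification {
        id = "urn:example:document:classification"
        type = integer
        category = resourceCat
    }
    attribute denialMessage {
        id = "urn:example:document:denial-message"
        type = string
        category = environmentCat
    }
    advice denialReason = "urn:example:document:advice:denial-reason"
}
namespace Export {
    // Attributes related to export control legislation.
    attribute controlled {
        id = "urn:example:export:controlled"
        type = boolean
        category = resourceCat
    }
}
namespace PortalA {
    // Policies for one application, referring to the domain
    // namespaces by qualified name.
    policy viewDocument {
        apply firstApplicable
        rule permitCleared {
            target clause Export.controlled == false
            condition User.clearance >= Document.classification
            permit
        }
        rule denyOtherwise {
            deny
            on deny {
                advice Document.denialReason {
                    Document.denialMessage = "Insufficient clearance or export-controlled document"
                }
            }
        }
    }
}
```

Because the final rule denies everything the first rule did not permit, a request with a missing clearance or classification value falls through to a deny instead of being left undecided.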