Attribute designators

AttributeDesignators in policies refer to the attribute declarations for translation to the full XACML syntax. They are referenced by the short name given to the attribute. The MustBePresent and Issuer attributes can be defined with the AttributeDesignator.

Some valid AttributeDesignators are:

role[mustbepresent]
role[mustbepresent issuer="Axiomatics"]
role[issuer="Axiomatics"]
role

The attribute designators can then be used in expressions with operators and functions. For instance, the following target uses the "Attributes.resourceType" attribute designator to match the value "document".

target clause Attributes.resourceType == "document"

Atomic attributes and bags

All attribute designators return bag values. Some functions require atomic values. To convert the attribute designator to an atomic value, use the appropriate one-and-only function. For instance, the following example converts the subject's age into an atomic value so it can be used with arithmetic operators.

integerOneAndOnly(Attributes.age) + integerOneAndOnly([Attributes.trainingPeriod]) < 50

This assumes that the age and training period attributes each contain exactly one value. If there are no values or multiple values, then the one-and-only function will return an Indeterminate result.
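
The bag and one-and-only behaviour described above, modelled in Python as an added example (not Axiomatics code and not part of the original page). The `Attr` class, the request layout and the function names are assumptions made for illustration; the issuer filter and `must_be_present` flag follow the standard XACML designator semantics.

```python
from dataclasses import dataclass
from typing import Any, Optional


class Indeterminate(Exception):
    """Stands in for the XACML Indeterminate result."""


@dataclass(frozen=True)
class Attr:  # hypothetical request attribute: short name, value, optional issuer
    name: str
    value: Any
    issuer: Optional[str] = None


def designator(request, name, issuer=None, must_be_present=False):
    """Return the bag of values for `name`; a designator always yields a bag."""
    bag = [a.value for a in request
           if a.name == name and (issuer is None or a.issuer == issuer)]
    if must_be_present and not bag:
        raise Indeterminate(f"{name}: MustBePresent is set but the bag is empty")
    return bag


def integer_one_and_only(bag):
    """Convert a bag to an atomic value; anything but one value is Indeterminate."""
    if len(bag) != 1:
        raise Indeterminate(f"expected exactly one value, got {len(bag)}")
    return bag[0]


def evaluate(request):
    """The page's condition: age + trainingPeriod < 50."""
    try:
        age = integer_one_and_only(designator(request, "age"))
        training = integer_one_and_only(designator(request, "trainingPeriod"))
    except Indeterminate:
        return "Indeterminate"
    return "True" if age + training < 50 else "False"


# Constructed sample requests (not from the original page).
REQ_OK = [Attr("age", 30), Attr("trainingPeriod", 5)]
REQ_MISSING = [Attr("age", 30)]
REQ_MULTI = [Attr("age", 30, "Axiomatics"), Attr("age", 41), Attr("trainingPeriod", 5)]

if __name__ == "__main__":
    for label, req in [("ok", REQ_OK), ("missing", REQ_MISSING), ("multi", REQ_MULTI)]:
        print(label, evaluate(req))
```

How an Indeterminate condition affects the final decision depends on the combining algorithm of the enclosing policy.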

Axiomatics
The Visual Studio Code extension for ALFA was developed by Axiomatics.