The authorization domain
Authorization domains represent Axiomatics' way of defining authorization situations. They are aggregates of domain data (policies, attributes, attribute connectors, etc.) used to evaluate an access request and produce a permit or deny response.
The authorization domain data is stored in a database, and does not actually exist as a document outside the physical file representation (the domain configuration file) used by an authorization engine. The domain can be represented in different ways.
Authorization domain document format version 1
Previously, there was only one document format, the XML-format representation produced using Axiomatics Services Manager (ASM).
With the introduction of a new domain document format, it has been retrospectively renamed Authorization Domain document format version 1. It is sometimes referred to as a legacy format, for example in the ADS configuration property legacyXmlConfig.
The XML-format domain documents can only be created in ASM (up to and including version 6.2.9). They can be exported from ASM (up to and including version 6.2.9), either via the ASM UI or the Admin API. The format is not human-readable, and should not be edited outside ASM.
The ADS authorization engine uses the XML-format domain configuration file via the configuration property legacyXmlConfig.
Customers wanting to convert legacy XML-format (or version 1) authorization domain configuration files to YAML-format (or version 2) authorization domain configuration files are requested to contact Customer Support, who will assist with conversion services.
Authorization domain document format version 2
With the release of Access Decision Service 1.4, a new format was introduced, Authorization Domain document format version 2, based on a YAML representation. The new document format provides a number of benefits, for example:
The document is human-readable, which makes it easy to analyze and maintain.
Specialized software tools are not required to create the document; editing can be done using a regular text editor, which makes it possible to configure and run ADS without being dependent on ASM for creating the required configuration file.
The document structure follows a concise syntax, and it is easy to embed other text-format data inline in the domain configuration.
The document format is well-suited to source control.