The most recent patch for this version is 2.1.1.

Version: 2.1

Introduction to Access Decision Service

Access Decision Service (ADS) is a cloud-native authorization engine designed for flexible deployment across microservices, cloud, or hybrid architectures. In an externalized access control architecture, ADS functions as the Policy Decision Point (PDP). It delivers dynamic, attribute-based authorization decisions to Policy Enforcement Points (PEPs) through a REST API, adhering to the XACML 3.0 standard.

When a PEP intercepts a system action, it sends a corresponding authorization request to ADS. ADS then evaluates this request against applicable policies, accessing its authorization configuration and various attribute sources, which can include LDAP, Active Directory, databases, or identity attributes. Based on this evaluation, ADS delivers a clear permit/deny decision back to the PEP, which then enforces the mandated access control.
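
The PEP side of this exchange, as an added example (not Axiomatics code): it assumes the request and response bodies follow the JSON Profile of XACML 3.0, and makes no network call because the ADS endpoint is not given on this page. It goes slightly beyond the permit/deny case by failing closed on the other XACML decisions (NotApplicable, Indeterminate), on malformed bodies, and on obligations the PEP does not support; the subject, resource, and obligation values are constructed.

```python
import json

# Standard XACML attribute identifiers (from the XACML 3.0 core specification).
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"


def build_request(subject, action, resource):
    """Build the request body a PEP would send to the PDP (JSON Profile layout)."""
    def category(attr_id, value):
        return {"Attribute": [{"AttributeId": attr_id, "Value": value}]}
    return {"Request": {
        "AccessSubject": category(SUBJECT_ID, subject),
        "Action": category(ACTION_ID, action),
        "Resource": category(RESOURCE_ID, resource),
    }}


def is_permitted(raw_response, supported_obligations=frozenset()):
    """Deny-biased enforcement: allow only on an explicit, well-formed Permit."""
    try:
        results = json.loads(raw_response)["Response"]
        if isinstance(results, dict):       # tolerate a single result object
            results = [results]
        if len(results) != 1:
            return False                    # one request expects exactly one result
        result = results[0]
        if result["Decision"] != "Permit":  # Deny, NotApplicable, Indeterminate
            return False
        # A PEP that cannot fulfil an obligation must not grant access.
        obligations = result.get("Obligations") or []
        return all(o["Id"] in supported_obligations for o in obligations)
    except (ValueError, KeyError, TypeError):
        return False                        # malformed or unexpected body: fail closed


# Constructed sample PDP responses (not captured from a real deployment).
PERMIT = '{"Response": [{"Decision": "Permit"}]}'
INDETERMINATE = '{"Response": [{"Decision": "Indeterminate"}]}'
PERMIT_WITH_OBLIGATION = ('{"Response": [{"Decision": "Permit", '
                          '"Obligations": [{"Id": "example:obligation:log-access"}]}]}')

if __name__ == "__main__":
    print(json.dumps(build_request("alice", "view", "record-17"), indent=2))
    for body in (PERMIT, INDETERMINATE, PERMIT_WITH_OBLIGATION, "not json"):
        print(is_permitted(body), body)
```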

ADS operates as a network service, offering a web service interface that can be secured using SSL/TLS. As a standalone application, ADS runs from the command line, allowing for independent deployment and configuration without reliance on external management software. This autonomy enables direct interaction with the authorization engine, facilitating the use of existing tools and deployment strategies consistent with other software. Additionally, ADS's open interface supports diverse attribute sources, making it easily adaptable to various information architectures.

Axiomatics Authorization system

Access Decision Service (ADS) is a core component of the Axiomatics Authorization system. This comprehensive suite comprises separately downloaded and installed components that are utilized in combination as required.

The Axiomatics Authorization system is the industry-leading solution for controlling access to critical applications. By leveraging externalized dynamic authorization, it offers an efficient policy engine and the most complete solution available for enterprise-wide implementation of Policy and Attribute-Based Access Control (PBAC and ABAC).

Axiomatics Authorization system components

The Axiomatics Authorization system is a suite of components that, apart from ADS, includes:

  • Axiomatics Services Manager (ASM)

    ASM is a web-based, multipurpose management interface within the Axiomatics Authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources. It also includes Policy Designer, a web application that allows business and application owners to express simple policies in a natural language, removing the burden of learning a formal authorization language.

  • Authorization Domain Manager (ADM)

    ADM is a content-management system tailored for authorization domains. It is a service that stores and manages domains securely, providing enterprises with fine-grained data access control.

    ADM is suitable for deployment in microservices, cloud, or hybrid architectures.

  • Contextual Authorization Query (CAQ)

    CAQ is a cloud-native service that evaluates reverse query requests. A reverse query response provides information on what conditions need to be satisfied to get an expected Policy Decision Point (PDP) decision.

  • Policy Testing Framework (PTF)

    PTF is a tool for developing, testing, and deploying ALFA policies and attribute connectors within your Attribute-Based Access Control (ABAC) environment. Built on Gradle and JUnit, it allows for a comprehensive testing approach that includes unit, integration, and system tests.

Notices

AXIOMATICS® is a registered trademark of Axiomatics AB, corporate identification no. 556708-1012, Sweden. Other trademarks are the property of their respective owners.

Except as otherwise expressly agreed in writing by Axiomatics AB, information in this document does not constitute in any way a representation, warranty or commitment on the part of Axiomatics.

Copyright © 2012-2025 Axiomatics AB. All Rights Reserved.