
The most recent patch for this version is 2.1.1.

Version: 2.1

The authorization domain

Authorization domains are central to Axiomatics' methodology for defining authorization policies. They serve as comprehensive collections of domain-specific data such as policies, attributes, and attribute connectors, which are essential in evaluating access requests and returning appropriate authorization responses.

The possible authorization responses to an access request are listed in the table below:

| Response | Description |
|---|---|
| Permit | Indicates the access request has been approved, and the subject is authorized to proceed with the action requested. |
| Deny | Means the access request has been rejected, preventing the subject from performing the action they sought authorization for. |
| NotApplicable | Given when the access request doesn't match any policies or scenarios in the domain, meaning there are no relevant rules for decision-making. |
| Indeterminate | Used when the system cannot decide on the access request, possibly due to insufficient information, policy evaluation errors, or system failures. |
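
How an enforcement point might act on the four responses in the table above, as an added example that is not part of the Axiomatics documentation: a deny-biased handler that grants access only on a single, unambiguous Permit. It assumes the response arrives in the shape of the JSON Profile of XACML 3.0; the obligation ids and the sample responses are constructed for illustration.

```python
import json

# Obligation ids this enforcement point can carry out (hypothetical id).
KNOWN_OBLIGATIONS = {"urn:example:obligation:audit-log"}

# Constructed sample responses; the JSON shape is an assumption, see lead-in.
MISSING = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute"
SAMPLES = {
    "permit": '{"Response":[{"Decision":"Permit"}]}',
    "deny": '{"Response":[{"Decision":"Deny"}]}',
    "not_applicable": '{"Response":[{"Decision":"NotApplicable"}]}',
    "indeterminate": json.dumps({"Response": [{"Decision": "Indeterminate",
        "Status": {"StatusCode": {"Value": MISSING}}}]}),
    "unknown_obligation": json.dumps({"Response": [{"Decision": "Permit",
        "Obligations": [{"Id": "urn:example:obligation:step-up"}]}]}),
    "truncated": '{"Response":[{"Decis',
}


def enforce(body: str) -> tuple[bool, str]:
    """Deny-biased enforcement: allow only on one unambiguous Permit."""
    try:
        results = json.loads(body)["Response"]
        if isinstance(results, dict):   # tolerate a single unwrapped result
            results = [results]
        (result,) = results             # zero or several results: fail closed
        decision = result["Decision"]
        status = result.get("Status", {}).get("StatusCode", {}).get("Value", "")
        obligations = [str(o["Id"]) for o in result.get("Obligations", [])]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed response"
    if decision != "Permit":
        # Deny, NotApplicable, Indeterminate and unknown values all block access.
        return False, f"{decision} ({status})" if status else str(decision)
    unhandled = [o for o in obligations if o not in KNOWN_OBLIGATIONS]
    if unhandled:
        # A Permit whose obligations cannot be fulfilled must not be honoured.
        return False, "unhandled obligation: " + ", ".join(unhandled)
    return True, "Permit"


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:20} -> {enforce(body)}")
```

Logging the returned reason separately for NotApplicable and Indeterminate helps distinguish a policy coverage gap from an attribute source or evaluation failure.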

The data of the authorization domain, used by Access Decision Service (ADS) to evaluate responses, is stored in a domain configuration file. This file contains a collection of XACML policies and settings, including attribute connectors and cache configurations.

Authorization domain file

ADS uses the authorization domain configuration file, or domain file for simplicity, to manage the distribution of policies and attribute source configurations for authorization decisions.

The domain configuration file is in YAML format. For more information on creating and exporting YAML-format domain files in ASM, refer to Domain management in the Axiomatics Services Manager documentation.

For more information about deploying each format, see Authorization domain configuration.

Validation

On start-up, ADS validates the domain configuration file against the requirements and constraints described for each section. If ADS finds an error, it displays an error message and stops running.