
The most recent patch for this version is 26.1.1.

Version: 26.1

The authorization domain

Authorization domains are central to Axiomatics' methodology for defining authorization policies. Essentially, they are logical containers used to organize and manage all the components needed to evaluate access requests and return appropriate authorization responses.

A domain groups the following data:

  • Policies: The set of rules that define access logic (who can do what under which conditions).
  • Attributes: The vocabulary of the authorization system (user roles, resource sensitivity, action IDs, etc.).
  • Attribute connectors: The components that link to external data sources, such as a database or LDAP directory, to dynamically fetch the real-time values needed to evaluate and resolve access requests.
  • Attribute cache: A cache used to store attribute values retrieved from attribute connectors, aiming to enhance performance.
  • Partial evaluation threshold: An indicator specifying the minimum number of individual requests a multiple-decision request must contain before the authorization engine attempts to optimize it.

These bundles form aggregates of domain data, which are then used to evaluate access requests and produce "permit" or "deny" responses.

Authorization domain file

ADS uses the authorization domain configuration file, or domain file for simplicity, to manage the distribution of policies and attribute source configurations for authorization decisions.

The domain configuration file is in YAML format. For more information on creating and exporting YAML-format domain files in ASM, refer to Domain management in the Axiomatics Services Manager documentation.

For more information about deploying each format, see Authorization domain configuration.

Read the Using the domain file section to learn how to utilize it.