Introduction
The Abbreviated Language for Authorization (ALFA) is a domain-specific language designed to simplify and streamline the process of writing and managing access control policies. These policies govern who can access what resources, such as data, applications, and systems.
ALFA is expressive and inspired by natural language, allowing the creation of complex authorization rules that cover all use cases. Consider the following sentence:
Jane Doe wants to view a confidential document at work during regular business hours.
A sentence like this includes four grammatical building blocks:
- a subject
- an action
- a resource
- the environment in which the request is made
Each of these building blocks can be described in ALFA using attributes:
| Term | Definition | Examples |
|---|---|---|
| Subject | Who or what is demanding access to an information asset. | Roles, group memberships, the department or company to which the user belongs, management level, certifications or competencies, user ID. |
| Action | Action the subject wants to perform. | Read and write are common values. More complex scenarios, like a bank transfer, may use multiple attributes such as action type=transfer and amount=$500. |
| Resource | The information asset or object impacted by the action. | For banking, the resource may be debit account=<your account number>. Similarly, for a law firm, the resource could be a document and an attribute could be case matter = 100. |
| Environment | The context in which access is requested. | Current time, location from where access is requested, client type (PC, smartphone, etc.), type of communication channel (protocol or encryption strength). |
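The sentence about Jane Doe, written as an ALFA policy with one attribute per building block. This is an added example, not Axiomatics' own code: the namespace, the `example.*` attribute identifiers, the `jane.doe` user ID and the 09:00 to 17:00 business hours are assumptions, while the `urn:oasis:...` identifiers are the standard XACML ones.

```alfa
namespace example.docs {
    // Subject: who is asking (standard XACML subject identifier)
    attribute subjectId {
        id = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
        type = string
        category = subjectCat
    }
    // Action: what the subject wants to do
    attribute actionId {
        id = "urn:oasis:names:tc:xacml:1.0:action:action-id"
        type = string
        category = actionCat
    }
    // Resource: what is being accessed (hypothetical identifiers)
    attribute resourceType {
        id = "example.resource.type"
        type = string
        category = resourceCat
    }
    attribute classification {
        id = "example.resource.classification"
        type = string
        category = resourceCat
    }
    // Environment: context of the request (standard XACML current time)
    attribute currentTime {
        id = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
        type = time
        category = environmentCat
    }

    policy viewConfidentialDocuments {
        // Applies only to "view" requests on confidential documents
        target clause actionId == "view"
               and resourceType == "document"
               and classification == "confidential"
        // Any matching request that no rule permits is denied
        apply denyUnlessPermit
        rule janeDuringBusinessHours {
            target clause subjectId == "jane.doe"
            permit
            // Assumed business hours; outside them the rule does not permit
            condition currentTime >= "09:00:00":time && currentTime <= "17:00:00":time
        }
    }
}
```

A request from Jane at 20:00, or from any other user, matches the policy target but not the rule, so `denyUnlessPermit` returns Deny.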
ALFA is easy to maintain and update, as its clear syntax and well-defined structure reduce the risk of errors and ensure consistent policy enforcement. Moreover, ALFA can be translated to XACML, ensuring compatibility with existing security frameworks and systems.
Proceed to the Quick start section to learn more about the main concepts of the language.
Notices
AXIOMATICS® is a registered trademark of Axiomatics AB, corporate identification no. 556708-1012, Sweden. Other trademarks are the property of their respective owners.
Except as otherwise expressly agreed in writing by Axiomatics AB, information in this document does not constitute in any way a representation, warranty or commitment on the part of Axiomatics.