
Typical project structure and metadata

Authoring XACML policies using ALFA requires a set of metadata declarations to define the essential elements of access control rules. Typically, an ALFA project contains the following artifact types:

  • XACML data types

  • Operators

  • Functions

  • Combining algorithms

  • Attribute categories

  • Attributes

  • Files with custom attribute declarations

  • Files with custom advice and obligation declarations

  • Files with the policies themselves

The system.alfa file provides standard declarations for the artifacts listed above.

It is possible to define custom data types, operators, functions, combining algorithms and attribute categories, but it is typically not necessary.

Namespaces

To facilitate the management and reuse of these artifacts, ALFA projects utilize namespaces. Two common namespace organization approaches are recommended:

Artifact type structure

For small projects or simple policy structures, a dedicated namespace can be assigned to each artifact type. For instance, "Attributes" for custom attribute declarations, "Obligations" and "Advice" for obligation and advice declarations, and "Policies" for the actual policy definitions.

Domain-based organization

For larger projects or complex policy requirements, a domain-based namespace structure is recommended. Each domain, such as "User" for subject attributes, "Document" for resource-related attributes, "Export" for export control-related attributes, and "PortalA" for policies specific to the "Portal A" application, can have its own namespace.
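The domain-based layout described above, sketched as an added example that is not taken from the original documentation. The namespace names come from the text; the attribute names, attribute ids (`com.example...`), values and the policy itself are constructed for illustration, and the sketch assumes the standard declarations from system.alfa are available.

```alfa
// Added illustration: attribute names, ids and values are constructed.
// subjectCat, resourceCat, string and denyUnlessPermit are assumed to
// come from the standard declarations in system.alfa.

namespace User {
    // Subject attributes live in their own domain namespace.
    attribute role {
        id = "com.example.user.role"
        type = string
        category = subjectCat
    }
}

namespace Document {
    // Resource-related attributes.
    attribute classification {
        id = "com.example.document.classification"
        type = string
        category = resourceCat
    }
}

namespace Export {
    // Export control-related attributes.
    attribute controlStatus {
        id = "com.example.export.controlStatus"
        type = string
        category = resourceCat
    }
}

namespace PortalA {
    // Policies specific to the "Portal A" application reference the
    // other domains by fully qualified name, so each attribute is
    // declared once and reused by every application namespace.
    policy internalDocuments {
        target clause Document.classification == "internal"
        apply denyUnlessPermit
        rule employeesReadUncontrolled {
            target clause User.role == "employee"
                      and Export.controlStatus == "uncontrolled"
            permit
        }
    }
}
```

Because the policy combines its rules with denyUnlessPermit, a request that fails to match the single rule is denied rather than left undecided, which keeps a missing attribute from opening access.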