Skip to main content
Version: 1.2

Introduction to Authorization Domain Manager

Authorization Domain Manager (ADM) is a content-management system specifically designed for authorization domains. This service securely stores and manages domains, offering enterprises fine-grained data access control. ADM operates as a standalone application, providing a standardized API for delivering authorization domains to authorization engines in production environments. It is suitable for deployment in microservices, cloud, or hybrid architectures.

ADM also supports governance and compliance management. Auditors can directly access ADM, its logs, and the logs of the authorization engine in use. This comprehensive access allows them to verify and audit operations performed by various actors within the system.

The authorization domain

Authorization domains bundle together authorization policies and their associated configurations, such as attributes and attribute connectors. These bundles form aggregates of domain data, which are then used to evaluate access requests and produce "permit" or "deny" responses.

While authorization domain data is stored in a database, it does not exist as a distinct document outside of the physical file representation (the domain configuration file) utilized by an authorization engine.

With the release of Access Decision Service 1.4, Axiomatics introduced a new format: Authorization Domain document format version 2. This is the format used by ADM when storing, retrieving, and otherwise managing authorization domains. This new format provides several benefits:

  • Human-readable: The document is easy to analyze and maintaine due to its human-readable nature.
  • No specialized tools required: Documents can be created and edited using a regular text editor, eliminating the need for specialized software.
  • Concise syntax and embedded data: The document structure follows a concise syntax, allowing for easy inline embedding of other text-format data within the domain configuration.
  • Source control friendly: The document format is well-suited for source control systems.

This format can be represented in either YAML or JSON.

Axiomatics Authorization system

Authorization Domain Manager (ADM) is a core component of the Axiomatics Authorization system. This comprehensive suite comprises separately downloaded and installed components that are utilized in combination as required.

The Axiomatics Authorization system is the industry-leading solution for controlling access to critical applications. By leveraging externalized dynamic authorization, it offers an efficient policy engine and the most complete solution available for enterprise-wide implementation of Policy and Attribute-Based Access Control (PBAC and ABAC).

Axiomatics Authorization system components

The Axiomatics Authorization system is a suite of components that, apart from ADM, includes:

  • Access Decision Service (ADS)

    ADS is a cloud-native authorization engine that functions as the Policy Decision Point (PDP) and delivers dynamic, attribute-based authorization decisions to Policy Enforcement Points (PEPs) through a REST API, adhering to the XACML 3.0 standard.

  • Authorization Domain Manager (ASM)

    ASM is a web-based, multipurpose management interface within the Axiomatics Authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources. It also includes Policy Designer, a web application that allows business and application owners to express simple policies in a natural language, removing the burden of learning a formal authorization language.

  • Contextual Authorization Query (CAQ)

    CAQ is a cloud-native service that evaluates reverse query requests. A reverse query response provides information on what conditions need to be satisfied to get an expected Policy Decision Point (PDP) decision.

  • Axiomatics Policy DevOps (APD)

    APD is a tool for developing, testing, and deploying ALFA policies and attribute connectors within your Attribute-Based Access Control (ABAC) environment. Built on Gradle and JUnit, it allows for a comprehensive testing approach that includes unit, integration, and system tests.

Featured content

Notices

AXIOMATICS® is a registered trademark of Axiomatics AB, corporate identification no. 556708-1012, Sweden. Other trademarks are the property of their respective owners.

Except as otherwise expressly agreed in writing by Axiomatics AB, information in this guide does not constitute in any way a representation, warranty or commitment on the part of Axiomatics.

Copyright © 2018-2025 Axiomatics AB. All Rights Reserved.