
The most recent patch for this version is 1.1.4.

Version: 1.1

Introduction

Authorization Domain Manager (ADM) is a content-management system tailored for authorization domains. It is a service that stores and manages domains in a secure way, providing enterprises with fine-grained data access control.

ADM is a standalone application with a standardized API for serving authorization domains to authorization engines in production. It is suitable for deployment in microservices, cloud, or hybrid architectures.

The products of Axiomatics are made up of suites of components that are downloaded and installed separately, and then used together in combinations as needed, allowing for great flexibility of implementation. There are core components, included in the standard license, as well as add-ons that are licensed separately. Authorization Domain Manager (ADM) is included as a core component in the Axiomatics Authorization system.

Axiomatics Authorization system

The Axiomatics Authorization system is the industry-leading solution to control access to critical applications. Using externalized dynamic authorization, it provides an efficient policy engine and the most complete solution available for enterprise-wide rollout of Policy- and Attribute-Based Access Control (PBAC and ABAC).

Within APS, ADM is a standalone application that performs some but not all of the tasks handled by the Axiomatics Services Manager (ASM), that is, ADM will only manage domains.

Governance and auditing

ADM also supports governance and compliance management. The auditor can have access to ADM directly, as well as to the logs of ADM itself and the authorization engine in use, and thus be able to verify and audit the operations made by different actors in the system.

The authorization domain

Authorization domains represent the way Axiomatics defines authorization situations. They are aggregates of domain data (policies, attributes, attribute connectors, etc.) used to evaluate an access request and produce a permit or deny response.

The authorization domain data is stored in a database, and does not actually exist as a document outside the physical file representation (the domain configuration file) used by an authorization engine. There are two formats used for domain representation.

Authorization Domain document format version 2

With the release of Access Decision Service 1.4, Axiomatics introduced a new format, Authorization Domain document format version 2. This is the format used by ADM when storing, retrieving, and otherwise managing authorization domains.

The new document format provides a number of benefits, for example:

  • The document is human-readable, which makes it easy to analyze and maintain.
  • Specialized software tools are not required to create the document; editing can be done using a regular text editor.
  • The document structure follows a concise syntax, and it is easy to embed other text-format data inline in the domain configuration.
  • The document format is well-suited to source control.

The format can be represented in either YAML or JSON.

Notices

AXIOMATICS® is a registered trademark of Axiomatics AB, corporate identification no. 556708-1012, Sweden. Other trademarks are the property of their respective owners.

Except as otherwise expressly agreed in writing by Axiomatics AB, information in this guide does not constitute in any way a representation, warranty or commitment on the part of Axiomatics.

Copyright © 2018-2024 Axiomatics AB. All Rights Reserved.