Skip to main content
Version: 1.0

The authorization domain

Authorization domains represent the way Axiomatics defines authorization situations. They are aggregates of domain data (policies, attributes, attribute connectors, etc.) used to evaluate an access request and produce a permit or deny response.

The authorization domain data is stored in a database, and does not actually exist as a document outside the physical file representation (the domain configuration file) used by an authorization engine. There are two formats used for domain representation.

Authorization Domain document format version 2

With the release of Access Decision Service 1.4, Axiomatics introduced a new format, Authorization Domain document format version 2. This is the format used by ADM when storing, retrieving, and otherwise managing authorization domains.

The new document format provides a number of benefits, for example:

  • The document is human-readable, which makes it easy to analyze and maintain.
  • Specialized software tools are not required to create the document; editing can be done using a regular text editor.
  • The document structure follows a concise syntax, and it is easy to embed other text-format data inline in the domain configuration.
  • The document format is well-suited to source control.

The format can be represented in either YAML or JSON.