The most recent patch for this version is 26.1.2.

Version: 26.1

Authorization Domain layout

The src/authorizationDomain directory represents an authorization domain, mirroring the structure of the single-file YAML domain representation used by ADS.

Each section (metadata, attributes, and attributeCache) corresponds to a YAML file with the same name. For example, identity.yaml. The policy field corresponds to the alfaSpecifications folder and the attributeConnectors field corresponds to the attributeConnectors folder.

To exclude a field from the domain, omit the corresponding file or folder.

Important

An empty file will generate a section with the YAML value null, which is invalid for all sections.

  • metadata.yaml

    Defines the value of the metadata field in the single-file domain representation. For example:

    metadata.yaml
    status: under development
    createdBy: Bob
    approvedBy: Alice
    Note

    If applicable, the Git commit ID, message, and author will be automatically added to the metadata.

  • alfaSpecifications/

    This directory corresponds to the policy field in the single-file domain representation. All files within this directory are processed as ALFA policies.

  • attributes.yaml

    Defines the value of the attributes field in the single-file domain representation. For example:

    attributes.yaml
    acme.role:
      xacmlId: acme.role
      category: AccessSubject
      datatype: string
    acme.resource.identity:
      xacmlId: acme.resource.identity
      category: Resource
      datatype: string

  • attributeConnectors/connector_1.yaml

    Defines the settings for the attribute connector identified as connector_1. All configuration settings can be included in this file. For example:

    connector_1.yaml
    className: com.axiomatics.attributeconnector.parser.json.ConnectorModule
    providedAttributes:
      - attributeName: user.role
      - attributeName: resource.location
      - attributeName: user.location
    configuration:
      identifier: ourConnector
      source:
        json:
          value: |
            {
              "users": {
                "martin": {
                  "role": "manager",
                  "location": "stockholm"
                },
                "cecilia": {
                  "role": "consultant",
                  "location": "london"
                }
              },
              "resources": {
                "2": {
                  "location": "stockholm"
                },
                "1": {
                  "location": "london"
                }
              }
            }
      mappings:
        - attributeName: user.role
          jsonPath: $.users['##1##'].role
          keys:
            - attributeName: user.identity
        - attributeName: user.location
          jsonPath: $.users['##1##'].location
          keys:
            - attributeName: user.identity
        - attributeName: resource.location
          jsonPath: $.resources['##1##'].location
          keys:
            - attributeName: resource.identity

    Alternatively, you can define the configurationString value in a separate file (see below) if it is large or complex.

  • attributeConnectors/connector_2.yaml

    If this file omits the configurationString field, its value is read from a file named connector_2.configurationString.* (see below). This additional file is optional, but it's an error if multiple files match the pattern.

  • attributeConnectors/connector_2.configurationString.xml

    The file extension is ignored, so use any extension that's convenient for editing.

    Note

    This file is ignored if there is no corresponding connector_2.yaml file or if connector_2.yaml already includes a configurationString field.

  • attributeCache.yaml

    Defines the value of the attributeCache field in the single-file domain representation. For example:

    attributeCache.yaml
    acme.role:
      timeToLive: 1 day
      maxItems: 1000
    acme.resource.identity:
      timeToLive: 15 minutes
      maxItems: 1000

  • decisionParameters.yaml

    Defines the value of the decisionParameters field in the single-file domain representation. For example:

    decisionParameters.yaml
    partialEvaluationThreshold: 3
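
The layout rules above (an empty section file yields an invalid null section; a configurationString file is ignored without a matching connector YAML or when the field is already set inline; multiple matching files are an error) can be checked before a domain is built. The following is an added example, not part of the product or its tooling: the names lint_domain and demo are hypothetical, the sample tree is constructed, and detecting an inline configurationString by a column-0 key is a heuristic assumption.

```python
import re
import tempfile
from pathlib import Path

# Section files named on this page; an empty one becomes an invalid null section.
SECTION_FILES = ("metadata.yaml", "attributes.yaml", "attributeCache.yaml",
                 "decisionParameters.yaml")
MARK = ".configurationString."
# Heuristic (assumption): the field is a top-level key starting in column 0.
INLINE = re.compile(r"^configurationString\s*:", re.MULTILINE)

def lint_domain(root):
    """Return findings for a directory laid out like src/authorizationDomain."""
    root, out = Path(root), []
    for name in SECTION_FILES:
        path = root / name
        if path.is_file() and not path.read_text().strip():
            out.append(f"ERROR {name}: empty file yields a null section")
    conn = root / "attributeConnectors"
    names = sorted(p.name for p in conn.iterdir()) if conn.is_dir() else []
    # The extension of a configurationString file is ignored, so it may be .yaml too.
    yamls = {n[:-5] for n in names if n.endswith(".yaml") and MARK not in n}
    for cid in sorted({n.split(MARK)[0] for n in names if MARK in n}):
        files = [n for n in names if n.startswith(cid + MARK)]
        if cid not in yamls:
            out.append(f"WARN {cid}: {len(files)} file(s) ignored, no {cid}.yaml")
        elif INLINE.search((conn / f"{cid}.yaml").read_text()):
            out.append(f"WARN {cid}: {len(files)} file(s) ignored, field set inline")
        elif len(files) > 1:
            out.append(f"ERROR {cid}: {len(files)} configurationString files match")
    return out

def demo():
    """Lint a constructed sample tree (not a real domain) and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "attributeConnectors").mkdir()
        sample = {"attributeCache.yaml": "\n",
                  "attributeConnectors/connector_1.yaml": "className: x\nconfigurationString: y\n",
                  "attributeConnectors/connector_1.configurationString.xml": "<a/>",
                  "attributeConnectors/connector_2.yaml": "className: x\n",
                  "attributeConnectors/connector_2.configurationString.xml": "<a/>",
                  "attributeConnectors/connector_2.configurationString.yaml": "a: 1\n",
                  "attributeConnectors/connector_3.configurationString.json": "{}"}
        for rel, text in sample.items():
            (Path(tmp) / rel).write_text(text)
        return lint_domain(tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run as a pre-merge check, the ignored-file warnings are worth reviewing: they flag a connector configuration that someone edited but that never reaches the deployed domain.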