Skip to main content
Version: 7.5

Introduction

The Axiomatics® Services Manager (ASM) is a web-based, multipurpose management interface within the Axiomatics authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources.

Multiple authorization domains can be centrally managed through a single ASM instance.

ASM includes a web-based Policy Editor for policy authoring and policy visualization. The graphical user interface of the Policy Editor simplifies policy authoring and policy verification, and allows easy visualization of even complex and nested expressions.

Axiomatics Authorization system

The Axiomatics® Authorization system is the industry-leading solution to control access to critical applications. Using externalized dynamic authorization, it provides an efficient policy engine, and the most complete solution available for enterprise-wide roll out of Policy and Attribute Based Access Control (PBAC and ABAC).

The Axiomatics Authorization system is a suite of components that includes:

Axiomatics Services Manager (ASM)

ASM is a web-based, multipurpose management interface within the Axiomatics Authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources. Learn more about ASM.

Policy Designer

Policy Designer is a web application bundled with ASM that allows business and application owners to express simple policies in a natural language, removing the burden of learning a formal authorization language. Learn more about Policy Designer.

Authorization Domain Manager (ADM)

ADM is a content-management system, tailored for authorization domains. It is a service that stores and manages domains in a secure way, providing enterprise with fine-grained data access control.

ADM is suitable for deployment in microservices, cloud, or hybrid architectures.

Access Decision Service (ADS)

ADS is a cloud-native authorization engine, suitable for flexible deployment in microservices, cloud or hybrid architectures. In an externalized access control architecture, Access Decision Service corresponds to the Policy Decision Point (PDP).

ADS provides externalized dynamic attribute-based authorization decisions to Policy Enforcement Points (PEPs), providing a REST API in compliance with the XACML 3.0 standard. It runs as a service on the network, exposing a web service interface that can be secured by SSL/TLS.

Contextual Authorization Query (CAQ)

CAQ is a cloud-native service that evaluates reverse query requests. A reverse query response provides information on what conditions need to be satisfied to get an expected Policy Decision Point (PDP) decision.

The components of the suite are downloaded and installed separately, and then used together in combinations as needed, allowing for great flexibility of implementation.

About Axiomatics Services Manager

The Axiomatics® Services Manager (ASM) is a web-based, multipurpose management interface within the Axiomatics Authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources. Multiple authorization domains can be centrally managed through a single ASM instance.

ASM provides four main features:

  • Authorization Domain Management - Authorization domains represent the way Axiomatics defines authorization situations. They are aggregates of domain data (policies, attributes, attribute connectors, etc.) used to evaluate an access request and produce a "permit" or "deny" response. ASM is primarily used to create and configure authorization domains through which authorization services can be managed.
  • Attribute Dictionary - ASM works with policy-based authorization solutions. The policies use attributes as basic building blocks. ASM provides an attribute dictionary to define and manage these attributes.
  • Attribute Connectors - The different authorization services services are capable of retrieving additional metadata (attributes) in order to evaluate authorization policies and reach decisions. To do that, XACML attributes are mapped to underlying data stored in different data sources such as LDAP directories and SQL databases. Administrators can define such mappings using ASM.
  • Policy Editor - The Policy Editor is a development tool intended to simplify the creation and maintenance of authorization policies. The graphical user interface of the Policy Editor simplifies policy authoring and policy validation, and also allows visualization of complex and nested expressions.

Authorization services

Access Decision Service (ADS) is the cloud-native form factor of the PDP. It is a service that provides externalized dynamic attribute-based authorization decisions to Policy Enforcement Points (PEPs), providing a REST API in compliance with the XACML standard. See to the Access Decision ServiceOpens in a new tab documentation for more information.

Notices

AXIOMATICS® is a registered trademark of Axiomatics AB, corporate identification no. 556708-1012, Sweden. Other trademarks are the property of their respective owners.

Except as otherwise expressly agreed in writing by Axiomatics AB, information in this document does not constitute in any way a representation, warranty or commitment on the part of Axiomatics.

Copyright © 2012-2024 Axiomatics AB. All Rights Reserved.