Skip to main content
Version: 7.1

Introduction

The Axiomatics® Services Manager (ASM) is a component that is used in different capacities in different products from Axiomatics.

It is a multipurpose management interface within the Axiomatics authorization system that provides key centralized functions for policies, domains, attribute definitions, and attribute sources. Multiple authorization domains can be centrally managed via one ASM instance.

ASM provides four main features:

  • Authorization Domain Management - Authorization domains represent the way Axiomatics defines authorization situations. They are aggregates of domain data (policies, attributes, attribute connectors, etc.) used to evaluate an access request and produce a "permit" or "deny" response. ASM is primarily used to create and configure authorization domains through which authorization services (see below) can be managed.

  • Attribute Dictionary - ASM works with policy-based authorization solutions. The policies use attributes as basic building blocks. ASM provides an attribute dictionary to define and manage attributes.

  • Attribute Connectors - The different authorization services (see below) are capable of retrieving additional metadata (attributes) in order to evaluate authorization policies and reach decisions. To do that, XACML attributes are mapped to underlying data stored in different data sources such as LDAP directories and SQL databases. ASM lets administrators define such mappings. For details on how to map attributes to data sources, see to the Attribute Connector Management chapter.

  • Policy Editor - The Policy Editor is a development tool intended to simplify the creation and maintenance of authorization policies. The graphical user interface of the Policy Editor simplifies policy authoring and policy validation, and allows visualization of complex and nested expressions.

Further information and details on features can be found in the documentation included in each constituent component of APS.

Authorization services

  • Access Decision Service (ADS) is the cloud-native form factor of the PDP. It is a service that provides externalized dynamic attribute-based authorization decisions to Policy Enforcement Points (PEPs), providing a REST API in compliance with the XACML standard. See to the Access Decision Service documentation for more information.