Download the PHP package enygma/xacmlphp without Composer
On this page you can find all versions of the php package enygma/xacmlphp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package xacmlphp
Short Description An OASIS/XACML library for policy/permissioning
License MIT
Homepage https://github.com/enygma/oasisphp.git
Information about the package xacmlphp
Xacml-php
The Xacml-php library is an implementation of the OASIS/XACML standard for Policy-based authorization. It's a work in progress, but the basic concepts are there.
The OASIS Standard
The OASIS/XACML standard is a well-defined XML-based structure for evaluating attributes on Policies against attributes on Subjects to see if there's a match (based on Operation rules and combining Algorithms).
Terminology:
- PolicySet: Set of Policy objects
- Policy: Defines the policies to evaluate for authorization. Policies contain sets of Rules that are evaluated, and the results are combined according to the Policy's Algorithm for an overall Policy pass/fail status
- Rule: A Rule is made up of a set of Matches (inside a Target) that are used to evaluate authorization
- Match: An object that defines the property to look at (Designator), the value to check against (Value) and the Operation to perform (like "StringEqual") for a Permit/Deny result
- Attribute: Property on a Subject, Resource, Action or Environment
- Algorithm: Evaluation method for combining results of the object (like Policy or Rule). In the OASIS spec, these are called Functions.
- Effect: According to the spec, this can only be "PERMIT" or "DENY"
- Enforcer: Point of enforcement of the access, called the PEP (Policy Enforcement Point) in the OASIS spec.
- Decider: The object that handles the decision logic, tracing down from Policies to Matches. Called the PDP (Policy Decision Point) in the OASIS spec.
- Resource: An object representing a "something" the Subject is trying to access.
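To make the terminology above concrete, the following standalone PHP sketch (an added example, not code from the xacmlphp library or its README) evaluates two Rules against one Subject under two combining Algorithms. The function names, array layout, sample Subject and the DENY default when no Rule applies are assumptions made for illustration; only the "StringEqual" Operation named above is implemented.

```php
<?php
// Added illustration: a standalone sketch, not the xacmlphp API.
// Function names and the sample Subject are hypothetical/constructed.

// Match: apply the Operation to the Subject attribute named by the Designator.
function evalMatch(array $match, array $subject): bool
{
    $actual = $subject[$match['designator']] ?? null;
    if ($match['operation'] !== 'StringEqual') {
        throw new InvalidArgumentException('Unsupported operation');
    }
    // Strict comparison: a missing attribute (null) never matches.
    return is_string($actual) && $actual === $match['value'];
}

// Rule: yields its Effect when every Match in its Target holds, else null.
function evalRule(array $rule, array $subject): ?string
{
    foreach ($rule['target'] as $match) {
        if (!evalMatch($match, $subject)) {
            return null;
        }
    }
    return $rule['effect'];
}

// Decider (PDP): combine the applicable Rule Effects using the Policy's Algorithm.
function decide(array $policy, array $subject): string
{
    $effects = array_map(fn($rule) => evalRule($rule, $subject), $policy['rules']);
    $permit = in_array('PERMIT', $effects, true);
    $deny = in_array('DENY', $effects, true);
    if ($policy['algorithm'] === 'PermitOverrides') {
        return $permit ? 'PERMIT' : 'DENY';
    }
    // DenyOverrides (also used for any other value); no applicable Rule means DENY (assumed default).
    return ($permit && !$deny) ? 'PERMIT' : 'DENY';
}

$match = fn($d, $v) => ['operation' => 'StringEqual', 'designator' => $d, 'value' => $v];
$rules = [
    ['effect' => 'PERMIT', 'target' => [$match('role', 'editor')]],
    ['effect' => 'DENY', 'target' => [$match('status', 'suspended')]],
];
$subject = ['role' => 'editor', 'status' => 'suspended']; // constructed sample
foreach (['DenyOverrides', 'PermitOverrides'] as $algorithm) {
    // An Enforcer (PEP) would grant access only when the decision is PERMIT.
    echo $algorithm, ': ', decide(['algorithm' => $algorithm, 'rules' => $rules], $subject), PHP_EOL;
}
```

With the constructed Subject both Rules apply, so the decision is DENY under DenyOverrides and PERMIT under PermitOverrides; the choice of Algorithm is itself an authorization decision and should be reviewed as one.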
Example Usage:
This is a basic interpretation of the OASIS XACML structure and flow. It sets up the Policy structure with Rules & Matches first, then assigns them to the Resource. Then, the Subject and Resource are passed in to the Enforcer to check if they're allowed or not: