PEP and PDP components

You are asked to develop an application that implements simple PEP and
PDP components. The PDP engine should use one of the open-source
implementations of XACML. You can use the SunXACML API, Xacml4J, the
AT&T implementation, the Python NDG library, or any other XACML v2
conformant API. Your application takes an XACML-conformant request and a set
of XACML-conformant policy/policySet files, and returns the authorization
decision in the form of an XACML-conformant response. You can find the XACML
v2 standard here and here. You can also find the XACML v1 conformance
tests here, which can be used to test the functionality of your application.

  1. Start by studying the standard, then explain what the attached
    policies and requests indicate, and determine what the response should be
    based on the given policy and request.
  2. Study the chosen API and develop the simple PEP and PDP.
  3. Use the application that you developed in the previous exercise with the
    requests and policies given (two sets, each tested individually). Did you get
    the same result as the one you determined before? Try your application
    with at least three test scenarios (from the set of conformance tests)
    with policies that use three different combining algorithms.
  4. You are asked to use the XACML policy specification to specify a
    policy (or policies) that represents a BLP policy model, and test it with your
    application. You have to create a request to test against your policy, e.g., a
    subject with a specific clearance wants to access an object with a specific
  5. You are asked to use the XACML policy language to specify a policy (or policies)
    that represents a Chinese Wall policy model. First discuss the design of your
    Chinese Wall policy using ABAC, then develop it using XACML.
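The following toy PDP is an added illustration for items 2 to 4, not a sample solution and not code from any of the XACML libraries named above: it evaluates a request against rules under three XACML rule-combining algorithms (deny-overrides, permit-overrides, first-applicable) and encodes the BLP no-read-up and no-write-down rules as attribute comparisons. The flattened dictionary request format and the attribute names clearance and classification are assumptions; a real submission would parse XACML XML through the chosen library.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
Request = Dict[str, str]  # flattened request attributes (assumed format, not XACML XML)

@dataclass
class Rule:
    rule_id: str
    effect: str                          # Permit or Deny, as in <Rule Effect="...">
    applies: Callable[[Request], bool]   # stands in for the rule's Target + Condition

    def evaluate(self, req: Request) -> str:
        return self.effect if self.applies(req) else NOT_APPLICABLE

# Three of the XACML rule-combining algorithms (Indeterminate is not modelled here).
def deny_overrides(ds: List[str]) -> str:
    return DENY if DENY in ds else PERMIT if PERMIT in ds else NOT_APPLICABLE

def permit_overrides(ds: List[str]) -> str:
    return PERMIT if PERMIT in ds else DENY if DENY in ds else NOT_APPLICABLE

def first_applicable(ds: List[str]) -> str:
    return next((d for d in ds if d != NOT_APPLICABLE), NOT_APPLICABLE)

COMBINERS = {"deny-overrides": deny_overrides, "permit-overrides": permit_overrides,
             "first-applicable": first_applicable}

@dataclass
class Policy:
    policy_id: str
    algorithm: str
    rules: List[Rule]

    def decide(self, req: Request) -> str:   # the PDP entry point
        return COMBINERS[self.algorithm]([r.evaluate(req) for r in self.rules])

# BLP expressed as ABAC: clearance and classification are attributes compared by rank.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}

def rank(req: Request, attr: str) -> int:
    return LEVELS[req[attr]]

BLP_POLICY = Policy("blp", "deny-overrides", [
    Rule("no-read-up", DENY, lambda r: r["action"] == "read"        # simple security property
         and rank(r, "clearance") < rank(r, "classification")),
    Rule("no-write-down", DENY, lambda r: r["action"] == "write"    # *-property
         and rank(r, "clearance") > rank(r, "classification")),
    Rule("otherwise-permit", PERMIT, lambda r: r["action"] in ("read", "write")),
])
```

Because the deny rules are combined with deny-overrides, a subject may read at or below its clearance and write at or above it; any other action yields NotApplicable, which a PEP should treat as a denial.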

Sample Solution