enygma/xacmlphp
===============

An OASIS/XACML library for policy/permissioning

Version 1.1 (10y ago) | License: MIT | Language: PHP | Requires PHP >=5.3.1

[Source](https://github.com/enygma/xacmlphp) | [Packagist](https://packagist.org/packages/enygma/xacmlphp) | [Docs](https://github.com/enygma/oasisphp.git)

Xacml-php
=========

The Xacml-php library is an implementation of the OASIS/XACML standard for Policy-based authorization. It's a work in progress, but the basic concepts are there.

The OASIS Standard
------------------

The [OASIS/XACML standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf) is a well-defined XML-based structure for evaluating attributes on Policies against attributes on Subjects to see if there's a match (based on Operation rules and combining Algorithms).

#### Terminology:

- **PolicySet:** Set of Policy objects
- **Policy:** Defines the policies to evaluate for authorization. Policies contain sets of Rules that are evaluated, and the results are combined according to the Policy's Algorithm for an overall Policy pass/fail status
- **Rule:** A Rule is made up of a set of Matches (inside a Target) that are used to evaluate authorization
- **Match:** An object that defines the property to look at (Designator), the value to check against (Value) and the Operation to perform (like "StringEqual") for a Permit/Deny result
- **Attribute:** Property on a Subject, Resource, Action or Environment
- **Algorithm:** Evaluation method for combining results of the object (like Policy or Rule). In the OASIS spec, these are called *Functions*.
- **Effect:** According to the spec, this can only be "PERMIT" or "DENY"
- **Enforcer:** Point of enforcement of the access, called the PEP (Policy Enforcement Point) in the OASIS spec.
- **Decider:** The object that handles the decision logic, tracing down from Policies to Matches. Called the PDP (Policy Decision Point) in the OASIS spec.
- **Resource:** An object representing a "something" the Subject is trying to access.
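
The flow these terms describe, as an added sketch that is not part of the original README or the Xacml-php code base. The function names and array layout are hypothetical, PHP 7.4+ is assumed, and the `deny-overrides` / `permit-overrides` names and the `NotApplicable` result are taken from the XACML spec (its Indeterminate result is left out):

```php
<?php
// Added sketch with hypothetical names; this is not the Xacml-php API.
const PERMIT = 'Permit', DENY = 'Deny', NOT_APPLICABLE = 'NotApplicable';
// Match: compare one attribute (Designator) to a Value using an Operation.
function matchApplies(array $match, array $attrs): bool {
    if ($match['operation'] !== 'StringEqual') {
        throw new InvalidArgumentException('Unsupported operation');
    }
    $actual = $attrs[$match['designator']] ?? null; // missing attribute: no match
    return is_string($actual) && $actual === $match['value'];
}

// Rule: returns its Effect only if every Match in its Target applies.
function evaluateRule(array $rule, array $attrs): string {
    foreach ($rule['target'] as $match) {
        if (!matchApplies($match, $attrs)) {
            return NOT_APPLICABLE;
        }
    }
    return $rule['effect'];
}

// Policy: combine the Rule results according to the Policy's Algorithm.
function evaluatePolicy(array $policy, array $attrs): string {
    $order = ['deny-overrides' => [DENY, PERMIT], 'permit-overrides' => [PERMIT, DENY]];
    if (!isset($order[$policy['algorithm']])) {
        throw new InvalidArgumentException('Unknown combining algorithm');
    }
    $results = array_map(fn($rule) => evaluateRule($rule, $attrs), $policy['rules']);
    foreach ($order[$policy['algorithm']] as $effect) {
        if (in_array($effect, $results, true)) {
            return $effect;
        }
    }
    return NOT_APPLICABLE; // no Rule applied to this request
}

// Enforcer: only an explicit Permit grants access; anything else is refused.
function isAuthorized(array $policy, array $attrs): bool {
    return evaluatePolicy($policy, $attrs) === PERMIT;
}

// Constructed sample: an editor whose account is suspended.
$rules = [
    ['effect' => PERMIT, 'target' => [['designator' => 'role', 'operation' => 'StringEqual', 'value' => 'editor']]],
    ['effect' => DENY, 'target' => [['designator' => 'status', 'operation' => 'StringEqual', 'value' => 'suspended']]],
];
foreach (['deny-overrides', 'permit-overrides'] as $algorithm) {
    var_dump(isAuthorized(['algorithm' => $algorithm, 'rules' => $rules], ['role' => 'editor', 'status' => 'suspended']));
}
```

The same request is refused under `deny-overrides` and allowed under `permit-overrides`, so the choice of Algorithm is itself a security decision. A subject that matches no Rule yields `NotApplicable`, which `isAuthorized` also refuses.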

Example Usage:
--------------

This is a basic interpretation of the OASIS XACML structure and flow. It sets up the Policy structure with Rules & Matches first, then assigns them to the Resource. Then, the Subject and Resource are passed to the Enforcer to check whether they're allowed or not:

```
