 | This article relies largely or entirely on a single source .(May 2022) |
 | |
| Developer(s) | HERASAF |
|---|---|
| Stable release | 2.0.2.RELEASE / December 1, 2021 |
| Written in | Java 8 |
| Operating system | Cross-platform |
| Platform | Java Virtual Machine |
| Type | Application framework |
| License | Apache License 2.0 |
| Website | https://github.com/prolutionsGmbH/herasaf-xacml-core |
HERASAF is a well established open-source XACML 2.0 implementation. It provides an extended implementation of the XACML [1] 2.0 standard. It is freely available, established and based on future driven technologies and standards.
The Organization for the Advancement of Structured Information Standards is a nonprofit consortium that works on the development, convergence, and adoption of open standards for cybersecurity, blockchain, Internet of things (IoT), emergency management, cloud computing, legal data exchange, energy, content technologies, and other areas.
Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:
A business rules engine is a software system that executes one or more business rules in a runtime production environment. The rules might come from legal regulation, company policy, or other sources. A business rule system enables these company policies and other operational decisions to be defined, tested, executed and maintained separately from application code.
XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing, reliability and security.
Enterprise Privacy Authorization Language (EPAL) is a formal language for writing enterprise privacy policies to govern data handling practices in IT systems according to fine-grained positive and negative authorization rights. It was submitted by IBM to the World Wide Web Consortium (W3C) in 2003 to be considered for recommendation. In 2004, a lawsuit was filed by Zero-Knowledge Systems claiming that IBM breached a copyright agreement from when they worked together in 2001 - 2002 to create Privacy Rights Markup Language (PRML). EPAL is based on PRML, which means Zero-Knowledge argued they should be a co-owner of the standard.
WS-SecurityPolicy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework.
GeoXACML stands for Geospatial eXtensible Access Control Markup Language. It defines a geo-specific extension to XACML Version 2.0, as it was ratified by OASIS standards organization on 1 February 2005.
OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit the users to share information about their accounts with third-party applications or websites.
Consent management is a system, process or set of policies for allowing consumers and patients to determine what health information they are willing to permit their various care providers to access. It enables patients and consumers to affirm their participation in e-health initiatives and to establish consent directives to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy policies.
MQTT is a lightweight, publish-subscribe network protocol that transports messages between devices. The protocol usually runs over TCP/IP, however, any network protocol that provides ordered, lossless, bi-directional connections can support MQTT. It is designed for connections with remote locations where resource constraints exist or the network bandwidth is limited. The protocol is an open OASIS standard and an ISO recommendation.
The Open Geospatial Consortium (OGC), an international voluntary consensus standards organization, originated in 1994. In the OGC, more than 500 commercial, governmental, nonprofit and research organizations collaborate in a consensus process encouraging development and implementation of open standards for geospatial content and services, sensor web and Internet of Things, GIS data processing and data sharing.
ZXID.org Identity Management toolkit implements standalone SAML 2.0, Liberty ID-WSF 2.0, and XACML 2.0 stacks and aims at implementing all popular federation, SSO, and ID Web Services protocols. It is a C implementation with minimal external dependencies - OpenSSL, CURL, and zlib – ensuring easy deployment. Due to its small footprint and efficient and accurate schema driven implementation, it is suitable for embedded and high volume applications. Language bindings to all popular highlevel languages such as PHP, Perl, and Java, are provided via SWIG. ZXID implements, as of Nov 2011, SP, IdP, WSC, WSP, Discovery, PEP, and PDP roles. ZXID is the reference implementation of the core security architecture of the TAS3.eu project.
User-Managed Access (UMA) is an OAuth-based access management protocol standard. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.
In computer security, general access control includes identification, authorization, authentication, access approval, and audit. A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems.
ALFA, the Abbreviated Language For Authorization, is a domain-specific language used in the formulation of access-control policies.
Web API security entails authenticating programs or users who are invoking a web API.