You are hereAttribute Based Access Control/SPM / Trusted RUBIX ABAC Architecture
Trusted RUBIX ABAC Architecture
The following diagram shows the architecture of the Trusted RUBIX (TR) ABAC mechanism. When a TR operation is performed (e.g., a SELECT operation), a Policy Decision Request is made for each object. The decision is reached by executing all applicable Trusted RUBIX Security Markup Language (RXSML) policy code associated with the TR objects being acted upon. The RXSML policy will use some number of context attributes (e.g., user name, session label) to reach its decision. The Policy Rules Engine will execute the policy logic and operations over the set of context attribute values and an outcome will be reached (e.g., Permit, Deny). In addition to the policy outcome, the Policy Rules Engine may perform security critical actions called obligations (e.g., write a custom audit record), as defined by the policy.