The following diagram shows the architecture of the Trusted RUBIX (TR) ABAC mechanism. When a TR operation is performed (e.g., a SELECT operation), a Policy Decision Request is made for each object. The decision is reached by executing all applicable Trusted RUBIX Security Markup Language (RXSML) policy code associated with the TR objects being acted upon. The RXSML policy uses some number of context attributes (e.g., user name, session label) to reach its decision. The Policy Rules Engine executes the policy logic and operations over the set of context attribute values and reaches an outcome (e.g., Permit, Deny). In addition to the policy outcome, the Policy Rules Engine may perform security-critical actions called obligations (e.g., write a custom audit record), as defined by the policy.


Trusted RUBIX ABAC Architecture Diagram
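The decision flow described above can be modelled in a few lines of Python. This is an added illustration, not Trusted RUBIX code and not RXSML syntax: the class names, the sample policies and objects, the label ordering, the default-deny behaviour and the deny-overrides combining rule are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

PERMIT, DENY = "Permit", "Deny"
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}   # constructed label ordering

@dataclass
class Policy:
    """Stand-in for one policy attached to an object (hypothetical, not RXSML)."""
    name: str
    applies: Callable[[str, dict], bool]     # (operation, context) -> applicable?
    rule: Callable[[dict], str]              # context attributes -> PERMIT or DENY
    obligation: Optional[Callable[[str, str, dict], str]] = None

@dataclass
class RulesEngine:
    policies: dict                           # object name -> list of Policy
    audit_log: list = field(default_factory=list)

    def decide(self, operation, obj, context):
        """One Policy Decision Request: run every applicable policy on obj."""
        applicable = [p for p in self.policies.get(obj, []) if p.applies(operation, context)]
        outcomes = [p.rule(context) for p in applicable]
        # Assumptions: no applicable policy means Deny; any Deny overrides Permit.
        decision = PERMIT if outcomes and DENY not in outcomes else DENY
        for p in applicable:
            if p.obligation:                 # obligation, e.g. a custom audit record
                self.audit_log.append(p.obligation(decision, obj, context))
        return decision

    def select(self, objects, context):
        """A SELECT touching several objects issues one request per object."""
        return {o: self.decide("SELECT", o, context) for o in objects}

def audit(decision, obj, ctx):
    return f"{ctx['user_name']} SELECT {obj} -> {decision}"

def build_engine():
    # Constructed sample objects and policies
    return RulesEngine({
        "payroll": [
            Policy("label-dominates", lambda op, c: op == "SELECT",
                   lambda c: PERMIT if LEVELS.get(c.get("session_label"), 0) >= 1 else DENY,
                   obligation=audit),
            Policy("no-contractors", lambda op, c: True,
                   lambda c: DENY if c["user_name"].startswith("ext_") else PERMIT),
        ],
        "directory": [Policy("open-read", lambda op, c: op == "SELECT", lambda c: PERMIT)],
    })
```

Each object in the operation gets its own decision, so a single SELECT can be permitted on one object and denied on another while the obligation still records the attempt.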