This product report covers the Axiomatics Policy Server and the accompanying Policy Auditor. These products fall into the category of Entitlement Management solutions. They use the XML-based XACML standard – Extensible Access Control Markup Language – to define authorisation policies and make access control decisions. Agents are available for the Java and .NET platform that work together with the Policy Server in order to enforce the policies.
Axiomatics has distinguished itself from other vendors in this space by focusing on a solution that consistently implements and complies with the XACML standard. Axiomatics internally uses XACML for policy storage and authoring as well as the XACML query/response language for Policy Enforcement Points. This is different from the approach of some other vendors who have implemented the XACML query/response language on top of existing access control engines which then also may use a different (usually simpler) model to author policies. The approach chosen by Axiomatics therefore comes with the promise of higher flexibility – but at the expense of complexity. The product comes with a graphical user interface that allows administrators to define XACML policies without having to edit raw XML files. However, a deep knowledge on XACML is still required. The accompanying Policy Auditor allows for the testing of policies and the definition of “what-if” scenarios. These can then be evaluated to verify the correctness of the defined policies against simulated requests. In that area, the direct linkage to the underlying policies causing the results is currently missing. For its deployments, Axiomatics recommends more application specific PAP interfaces with point-and-click capabilities that are provided by its professional services organisation during the deployment project once the attribute context is better known and such an interface can be drafted in a meaningful way. However, that still means some effort to reduce the inherent complexity.
