Axiomatics Policy Server
Axiomatics Policy Server (APS) is an externalized authorization engine for fine-grained, policy-based access control. It implements XACML 3.0 and provides the core ABAC building blocks: policy authoring (PAP), decision service (PDP), and integrations for enforcement (PEP) and attribute sources (PIP).
Key Capabilities
- Fine-grained, context-aware decisions: Uses attributes (user, resource, action, environment) to evaluate policies and return Permit/Deny outcomes with advice/obligations.
- Standards-based interoperability: Conforms to XACML 3.0 (language, request/response, reference architecture), reducing vendor lock-in for PAP/PDP/PEP patterns.
- Externalized authorization for apps/APIs: PDP exposed as a REST/JSON microservice; works with environment-specific PEPs to protect web, API, and microservices workloads.
Limitations
- Not an identity provider: APS handles authorization, not authentication/SSO, identity profiles, or user provisioning (e.g., SCIM). Pair with an IdP/IAM for end-to-end flows.
- PEP integration required: Applications, APIs, or gateways must integrate a Policy Enforcement Point to call the PDP and honor decisions/obligations. Implementation effort varies by stack.
- Attribute dependency: High-quality decisions depend on authoritative attribute sources (PIPs) and reliable attribute delivery. Design and data plumbing are non-trivial.
- Lifecycle clarity: Axiomatics’ current messaging centers on its “Orchestrated Authorization” platform.
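To make the "PEP integration required" point concrete, here is a sketch of the enforcement side: a deny-biased PEP that grants access only on an explicit Permit whose obligations it can all discharge. It is an added example, not Axiomatics code; the message shapes follow the JSON Profile of XACML 3.0, while the obligation ID, the handler, and the sample response are constructed, and no APS endpoint is assumed.

```python
# Added example: deny-biased PEP logic for XACML 3.0 JSON-profile messages.
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"


def build_request(user, action, resource):
    """Build a request body in the shape of the XACML 3.0 JSON profile."""
    def attr(attr_id, value):
        return {"Attribute": [{"AttributeId": attr_id, "Value": value}]}
    return {"Request": {
        "AccessSubject": attr(SUBJECT_ID, user),
        "Action": attr(ACTION_ID, action),
        "Resource": attr(RESOURCE_ID, resource),
    }}


def enforce(pdp_response, handlers):
    """Return (allowed, reason). Only an explicit Permit whose obligations
    were all discharged grants access; everything else is refused."""
    results = pdp_response.get("Response")
    if isinstance(results, dict):  # tolerate a single result object
        results = [results]
    if (not isinstance(results, list) or len(results) != 1
            or not isinstance(results[0], dict)):
        return False, "malformed or multi-result response"
    result = results[0]
    decision = result.get("Decision")
    if decision != "Permit":  # Deny, NotApplicable, Indeterminate, missing
        return False, f"decision={decision}"
    for ob in result.get("Obligations") or []:
        handler = handlers.get(ob.get("Id"))
        if handler is None:  # an obligation the PEP does not understand
            return False, f"unknown obligation {ob.get('Id')}"
        args = {a["AttributeId"]: a["Value"]
                for a in ob.get("AttributeAssignment") or []}
        if not handler(args):
            return False, f"obligation {ob['Id']} failed"
    # AssociatedAdvice is optional to act on, so it never blocks access.
    return True, "permit"


# Constructed sample data: an audit obligation and its (hypothetical) handler.
AUDIT_LOG = []
HANDLERS = {"example:obligation:audit": lambda a: AUDIT_LOG.append(a) is None}
SAMPLE_PERMIT = {"Response": [{"Decision": "Permit", "Obligations": [
    {"Id": "example:obligation:audit",
     "AttributeAssignment": [{"AttributeId": "example:reason", "Value": "read"}]}]}]}
```

A PEP wired this way also fails closed when the PDP is unreachable, provided the caller treats a transport error the same as a malformed response.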