You are asked to develop an application that implements simple PEP and PDP components. The PDP engine should use one of the open-source implementations of XACML. You can use the sunXACML API, xacml4J, the AT&T implementation, the python NDG library, or any other XACML v2-conformant API. Your application takes an XACML-conformant request and a set of XACML-conformant policy/policySet files, and returns the authorization decision in the form of an XACML-conformant response. You can find the XACML v2 standard here and here. You can also find the XACML v1 conformance tests here, which can be used to test the functionality of your application.
Start by studying the standard, then explain what the attached policies and requests indicate, and determine what the response should be based on the given policy and request.

Study the chosen API and develop the simple PEP and PDP.

Use the application that you developed in the previous exercise with the requests and policies given (two sets, each tested individually). Did you get the same result as the one you determined before? Try your application with at least three test scenarios (from the set of the conformance tests) with policies that have three different combining algorithms.

You are asked to use the XACML policy specification to specify a policy (or policies) that represents a BLP policy model, and test it with your application. You have to create a request to test against your policy, e.g., a subject with a specific clearance wants to access an object with a specific classification.

You are asked to use the XACML policy language to specify a policy (or policies) that represents a Chinese Wall policy model. First discuss the design of your Chinese Wall policy using ABAC, then develop it using XACML.
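As an added illustration for the BLP and combining-algorithm tasks (not part of the assignment and not code from any of the XACML libraries named above), the sketch below models BLP rules as attribute comparisons and shows that the same rules yield different decisions under three combining algorithms. The level names, request keys and function names are assumptions, and Indeterminate results are left out for brevity.

```python
# Added illustration, not an XACML engine: Indeterminate and Obligations are omitted.
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}  # assumed labels

def permit_read_write(req):
    # Broad permit rule: any read or write is allowed unless another rule denies.
    return PERMIT if req["action"] in ("read", "write") else NA

def no_read_up(req):
    # BLP simple-security property: deny reads above the subject's clearance.
    up = LEVELS[req["clearance"]] < LEVELS[req["classification"]]
    return DENY if req["action"] == "read" and up else NA

def no_write_down(req):
    # BLP *-property: deny writes below the subject's clearance.
    down = LEVELS[req["clearance"]] > LEVELS[req["classification"]]
    return DENY if req["action"] == "write" and down else NA

RULES = [permit_read_write, no_read_up, no_write_down]  # order matters for first-applicable

def deny_overrides(results):
    return DENY if DENY in results else PERMIT if PERMIT in results else NA

def permit_overrides(results):
    return PERMIT if PERMIT in results else DENY if DENY in results else NA

def first_applicable(results):
    return next((r for r in results if r != NA), NA)

def pdp(req, combine, rules=RULES):
    """Evaluate every rule against the request and combine the results."""
    return combine([rule(req) for rule in rules])

def pep(req, combine=deny_overrides):
    """Deny-biased PEP: grant access only on an explicit Permit."""
    return pdp(req, combine) == PERMIT

if __name__ == "__main__":
    # Constructed request: a confidential-cleared subject reads a secret object.
    read_up = {"clearance": "confidential", "classification": "secret", "action": "read"}
    for alg in (deny_overrides, permit_overrides, first_applicable):
        print(f"{alg.__name__:17} -> {pdp(read_up, alg)}")
```

Only deny-overrides enforces BLP with this rule order; first-applicable gives the same result only if the deny rules are listed before the broad permit rule.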
PEP and PDP components