{"id":13816395,"url":"https://github.com/enygma/xacmlphp","last_synced_at":"2025-04-13T02:32:13.814Z","repository":{"id":56978259,"uuid":"11566695","full_name":"enygma/xacmlphp","owner":"enygma","description":"An OASIS/XACML library for creating XACML-based PHP objects","archived":false,"fork":false,"pushed_at":"2018-02-28T15:14:18.000Z","size":46,"stargazers_count":36,"open_issues_count":3,"forks_count":8,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-26T20:21:22.716Z","etag":null,"topics":["php","xacml-php","xacml-standard"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enygma.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-07-21T19:41:42.000Z","updated_at":"2024-04-07T19:54:29.000Z","dependencies_parsed_at":"2022-08-21T11:50:44.832Z","dependency_job_id":null,"html_url":"https://github.com/enygma/xacmlphp","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enygma%2Fxacmlphp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enygma%2Fxacmlphp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enygma%2Fxacmlphp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enygma%2Fxacmlphp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/enygma","download_url":"https://codeload.github.com/enygma/xacmlphp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":
248657793,"owners_count":21140842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","xacml-php","xacml-standard"],"created_at":"2024-08-04T05:00:40.025Z","updated_at":"2025-04-13T02:32:13.516Z","avatar_url":"https://github.com/enygma.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"Xacml-php\n==========================\nThe Xacml-php library is an implementation of the OASIS/XACML standard for Policy-based\nauthorization. It's a work in progress, but the basic concepts are there.\n\n## The OASIS Standard\n\nThe [OASIS/XACML standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf) is a\nwell-defined XML-based structure for evaluating attributes on Policies against attributes on Subjects\nto see if there's a match (based on Operation rules and combining Algorithms).\n\n#### Terminology:\n\n- **PolicySet:** Set of Policy objects\n- **Policy:** Defines the policies to evaluate for authorization. 
Policies contain sets of Rules\n    that are evaluated and the results are combined according to the Policy's Algorithm for an\n    overall Policy pass/fail status\n- **Rule:** A Rule is made up of a set of Matches (inside a Target) that are used to evaluate\n    authorization\n- **Match:** An object that defines the property to look at (Designator) and the value to check\n    against (Value) and the Operation to perform (like \"StringEqual\") for Permit/Deny result\n- **Attribute:** Property on a Subject, Resource, Action or Environment\n- **Algorithm:** Evaluation method for combining results of the object (like Policy or Rule). In\n    the OASIS spec, these are called *Functions*.\n- **Effect:** According to the spec, this can only be \"PERMIT\" or \"DENY\"\n- **Enforcer:** Point of enforcement of the access, called the PEP (Policy Enforcement Point)\n    in the OASIS spec.\n- **Decider:** The object that handles the decision logic, tracing down from Policies to Matches.\n    Called the PDP (Policy Decision Point) in the OASIS spec.\n- **Resource:** An object representing a \"something\" the Subject is trying to access.\n\n## Example Usage:\n\nThis is a basic interpretation of the OASIS XACML structure and flow. It sets up the Policy structure\nwith Rules \u0026 Matches first, then assigns them to the Resource. 
Then, the Subject and Resource are\npassed in to the Enforcer to check if they're allowed or not:\n\n```php\n\u003c?php\n\nrequire_once 'vendor/autoload.php';\n\n$enforcer = new \\Xacmlphp\\Enforcer();\n\n$decider = new \\Xacmlphp\\Decider();\n$enforcer-\u003esetDecider($decider);\n\n// Create some Matches\n$match1 = new \\Xacmlphp\\Match('StringEqual', 'property1', 'TestMatch1', 'test');\n$match2 = new \\Xacmlphp\\Match('StringEqual', 'property1', 'TestMatch2', 'test1234');\n\n// Create a Target container for our Matches\n$target = new \\Xacmlphp\\Target();\n$target-\u003eaddMatches(array($match1, $match2));\n\n// Make a new Rule and add the Target to it\n$rule1 = new \\Xacmlphp\\Rule();\n$rule1-\u003esetTarget($target)\n    -\u003esetId('TestRule')\n    -\u003esetEffect('Permit')\n    -\u003esetDescription(\n        'Test to see if there is an attribute on the subject '\n        .'that exactly matches the word \"test\"'\n    )\n    -\u003esetAlgorithm(new \\Xacmlphp\\Algorithm\\DenyOverrides());\n\n// Make two new policies and add the Rule to each (with our Matches)\n$policy1 = new \\Xacmlphp\\Policy();\n$policy1-\u003esetAlgorithm('AllowOverrides')-\u003esetId('Policy1')-\u003eaddRule($rule1);\n\n$policy2 = new \\Xacmlphp\\Policy();\n$policy2-\u003esetAlgorithm('DenyOverrides')-\u003esetId('Policy2')-\u003eaddRule($rule1);\n\n\n// Create the subject with its own Attribute\n$subject = new \\Xacmlphp\\Subject();\n$subject-\u003eaddAttribute(\n    new \\Xacmlphp\\Attribute('property1', 'test')\n);\n\n// Link the Policies to the Resource\n$resource = new \\Xacmlphp\\Resource();\n$resource\n    -\u003eaddPolicy($policy1)\n    -\u003eaddPolicy($policy2);\n\n\n$environment = null;\n$action = null;\n\n$result = $enforcer-\u003eisAuthorized($subject, $resource);\n\n/**\n * The Subject does have a property that's equal to \"test\" on the \"property1\"\n * attribute, but the default Operation is to \"fail closed\". 
The other Match,\n * for \"test1234\" failed and DenyOverrides wins so the return is false.\n */\n\necho \"\\n\\n\".' END RESULT: '.var_export($result, true);\necho \"\\n\\n\";\n\n?\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenygma%2Fxacmlphp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenygma%2Fxacmlphp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenygma%2Fxacmlphp/lists"}