SUNFISH Policy Decision Point (PDP) API¶
This API is primarily used by adjacent PEPs to issue authorization requests for intra-zone and cross-zone interactions. In this specification we partially rely on the REST profile suggested by the OASIS XACML Standard
Version: 1.0.0
/v1¶
GET¶
Summary: API entry point. This point is used to identify functionality and endpoints provided by PDP.
Description:
Parameters
| Name | Located in | Description | Required | Schema |
|---|---|---|---|---|
Responses
| Code | Description |
|---|---|
| 200 | The response contains a resource with link relation http://docs. oasis-open.o rg/ns/xacml/ relation/pdp and a valid URL. |
/v1/verifyServicePolicy¶
POST¶
Summary: Verify a service policy
Description:
Parameters
| Name | Located in | Description | Required | Schema |
|---|---|---|---|---|
| SUNFISH-signature | header | This field is used to provide integrity and authenticity of messages. | No | string |
| body | body | Contains XACML-format ted policy for PDP to perform verification. | Yes | string |
Responses
| Code | Description | Schema |
|---|---|---|
| 200 | Contains information about the verification result. | VerifyPolicyResult |
| 400 | Invalid request | |
| 404 | The requestor is not allowed |
/v1/verifyServicePolicySet¶
POST¶
Summary: Verify a service policy set
Description:
Parameters
| Name | Located in | Description | Required | Schema |
|---|---|---|---|---|
| SUNFISH-signature | header | This field is used to provide integrity and authenticity of messages. | No | string |
| body | body | Contains XACML-format ted policy set for PDP to perform verification . | Yes | string |
Responses
| Code | Description | Schema |
|---|---|---|
| 200 | Contains information about the verification result. | VerifyPolicyResult |
| 400 | Invalid request | |
| 404 | The requestor is not allowed |
/v1/authorization¶
POST¶
Summary: This endpoint is used by PEPs to issue authorization decision requests to PDP. These requests are sent using POST method. Inputs to this endpoint are parameters that describe access requests initiated by entities interacting through the calling PEP. Additionally, this request contains other contextual parameters that can be used by PDP to evaluate request.
Description:
Parameters
| Name | Located in | Description | Required | Schem a |
|---|---|---|---|---|
| SUNFISH-signature | header | This field is used to provide integrity and authenticity of messages. | No | string |
| body | body | Contains XACML-format ted (or other) request with all relevant data and attributes necessary for PDP to perform authorization decision. | Yes | string |
Responses
| Code | Description | Schema |
|---|---|---|
| 200 | Contains complete XACML-format ted answer. Body can include additional answer that deals with activity context, if requested. | string |
| 400 | Invalid XACML request | |
| 404 | Requestor is not allowed to perform the request |
Models¶
VerifyPolicyResult
| Name | Type | Description | Required |
|---|---|---|---|
| status | string | Indicates the status of the verification operation. | No |
| description | string | Description, containing detailed information about the requested operation. | No |
| statusCode | integer | Status code of the operation. | No |