Abbreviated Language For Authorization (ALFA)
What is ALFA?
The Abbreviated Language for Authorization (ALFA) is a language used to express fine-grained, attribute-based access control policies. It’s based on XACML, the OASIS standard for externalized authorization, and provides developers with a simple and easy-to-use syntax.
Example
/*
 * Managers can view records
 */
policy managersViewRecords {
    target clause user.role == "manager" and object.objectType == "document"
    apply firstApplicable
    /*
     * R1 - A manager can view a record they own in draft mode
     */
    rule managersCanView {
        target clause action.actionId == "view" and document.status == "draft"
        permit
        condition user.username == document.owner
    }
}
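The evaluation order of the policy above, modelled in Python as an added example (not part of the original page and not Axiomatics code). The request layout, the helper names and the deny-biased `enforce` function are assumptions; missing attributes are treated as non-matching, which simplifies XACML's bag and Indeterminate handling.

```python
# Constructed model of how a XACML-style decision point walks managersViewRecords.
PERMIT, NOT_APPLICABLE = "Permit", "NotApplicable"

def attr(request, name):
    """Look up a dotted attribute such as 'user.role'; None when absent."""
    category, _, key = name.partition(".")
    return request.get(category, {}).get(key)

def rule_managers_can_view(req):
    # target clause action.actionId == "view" and document.status == "draft"
    if not (attr(req, "action.actionId") == "view"
            and attr(req, "document.status") == "draft"):
        return NOT_APPLICABLE
    # condition user.username == document.owner
    owner = attr(req, "document.owner")
    if owner is None or attr(req, "user.username") != owner:
        return NOT_APPLICABLE  # a false condition does not turn permit into Deny
    return PERMIT

def policy_managers_view_records(req):
    # target clause user.role == "manager" and object.objectType == "document"
    if not (attr(req, "user.role") == "manager"
            and attr(req, "object.objectType") == "document"):
        return NOT_APPLICABLE
    # apply firstApplicable: the first rule that yields a decision wins
    for rule in (rule_managers_can_view,):
        decision = rule(req)
        if decision != NOT_APPLICABLE:
            return decision
    return NOT_APPLICABLE

def enforce(decision):
    """Hypothetical deny-biased enforcement point: only Permit grants access."""
    return decision == PERMIT

def make_request(username, role, action, status, owner):
    """Build a constructed sample request with the attributes the policy reads."""
    return {"user": {"username": username, "role": role},
            "action": {"actionId": action},
            "object": {"objectType": "document"},
            "document": {"status": status, "owner": owner}}

if __name__ == "__main__":
    for args in [("alice", "manager", "view", "draft", "alice"),
                 ("alice", "manager", "view", "draft", "bob"),
                 ("carol", "employee", "view", "draft", "carol")]:
        decision = policy_managers_view_records(make_request(*args))
        print(args, decision, "granted" if enforce(decision) else "refused")
```

Neither the policy nor its single rule ever returns Deny, so every request it does not permit comes back NotApplicable and the enforcement point has to treat that as a refusal.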
Get Started
- Download the plugin for Visual Studio Code.
- Read the official documentation from Axiomatics.