Abbreviated Language For Authorization (ALFA)

What is ALFA?

The Abbreviated Language for Authorization (ALFA) is a language used to express fine-grained, attribute-based access control policies. It’s based on XACML, the OASIS standard for externalized authorization, and provides developers with a simple and easy-to-use syntax.

Example

/*
 * Managers can view records
 */
policy managersViewRecords{
    target clause user.role == "manager" and object.objectType == "document"
    apply firstApplicable
    /*
     * R1 - A manager can view a record they own in draft mode
     */
    rule managersCanView{
        target clause action.actionId == "view" and document.status == "draft"
        permit
        condition user.username == document.owner
    }
}
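
The decisions this policy returns, as an added Python sketch that is not part of the original page and is not a real ALFA or XACML engine. It assumes every attribute is single-valued and present, so Indeterminate is not modelled; the sample requests and the enforce helper are constructed for illustration. The policy has no deny rule, so a request that misses a target or the condition gets NotApplicable rather than Deny, and the enforcement point has to refuse it.

```python
# Simplified model of XACML evaluation for the managersViewRecords policy above.
# Assumption: every attribute is single-valued and present in the request, so
# the Indeterminate decision (errors, missing attributes) is not modelled.

PERMIT, NOT_APPLICABLE = "Permit", "NotApplicable"


def managers_can_view(req):
    """Rule managersCanView: target, then condition, then effect."""
    target = req["action.actionId"] == "view" and req["document.status"] == "draft"
    if not target:
        return NOT_APPLICABLE
    if req["user.username"] != req["document.owner"]:
        return NOT_APPLICABLE  # a false condition does not turn permit into deny
    return PERMIT


def managers_view_records(req):
    """Policy managersViewRecords with the firstApplicable combining algorithm."""
    if not (req["user.role"] == "manager" and req["object.objectType"] == "document"):
        return NOT_APPLICABLE
    for rule in (managers_can_view,):
        decision = rule(req)
        if decision != NOT_APPLICABLE:
            return decision  # first rule that applies wins
    return NOT_APPLICABLE


def enforce(decision):
    """Hypothetical deny-biased enforcement point: only Permit is allowed."""
    return decision == PERMIT


# Constructed sample requests (not from the original page).
BASE = {
    "user.role": "manager", "user.username": "alice",
    "object.objectType": "document", "action.actionId": "view",
    "document.status": "draft", "document.owner": "alice",
}
REQUESTS = {
    "owner views own draft": BASE,
    "manager views someone else's draft": {**BASE, "document.owner": "bob"},
    "owner views published document": {**BASE, "document.status": "published"},
    "owner edits own draft": {**BASE, "action.actionId": "edit"},
    "employee views own draft": {**BASE, "user.role": "employee"},
}

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        decision = managers_view_records(req)
        print(f"{name:36} {decision:14} allowed={enforce(decision)}")
```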
