OrBAC API

The OrBAC Application Programing Interface is a Java library which has been developed to programmatically manipulate OrBAC policies. It implements almost all the OrBAC concepts developed in the research papers you will find in the publication page.

The API features the following OrBAC policy editing capabilities:

  • abstract policy specification: organizations, roles, activities, views, contexts, and abstract rules (permissions, ) can be manipulated. This includes organizations, roles, activities, and views hierarchies
  • separation constraints and rules priorities can be specified to solve conflicts between abstract rules
  • several languages can be used to express contexts and entity definitions. Simple ad-hoc languages have been defined to express temporal conditions or simple conditions on concrete entities (subject, action or object) attributes. Two more powerful languages can be used, Java and Prolog, to be able to express a wide range of conditions
  • the administration policy, or AdOrBAC policy, associated to an OrBAC policy can be specified using the same concepts and API methods

The API proposes different policy implementations which provide different services. The current version provides three implementations:

  • JenaOrbacPolicy: a Jena based implementation which stores the abstract policy and the associated concrete entities in a RDF file. The Jena reasoning engine is used to infer the concrete policy
  • XmlOrbacPolicy: an implementation which stores the abstract policy and the associated concrete entities in a XML file. A custom multi-threaded backward chaining algorithm is used to infer the concrete policy. The fork/join framework from the JDK7 is used to implement multi-threading
  • MysqlOrbacPolicy: this implementation is an extension of the XmlOrbacPolicy which stores the abstract policy in a XML file and stores the concrete entities in a Mysql database