The PingAuthorize Server provides Authorization Policy Decision APIs to support non-API use cases needing attribute-based access control (ABAC).
The Authorization Policy Decision APIs feature requires PingAuthorize Premier. For more information, contact your Ping Identity account representative.
The PingAuthorize Server's main functionality is to
enforce fine-grained policies for data accessed through an
The Authorization Policy Decision APIs consist of the following PDP APIs:
XACML-JSON PDP API
This API provides a standards-based interface.
Standards-based enforcement points request policy decisions based on a subset of the XACML-JSON standard. For more information, see XACML 3.0 JSON Profile 1.1.
This API provides a simpler interface.
The Authorization Policy Decision APIs can indicate when a request or response triggers advice, but the application server must implement the advice.
- Configure the PingAuthorize Server with a feature-enabled license during setup.
- Configure the Policy Decision Point Service. For more information, see Use policies in a production environment.
- For the XACML-JSON PDP API, configure an
access tokenvalidator. For more information, see Access Token Validators. access token A data object by which a client authenticates to a resource server and lays claim to authorizations for accessing particular resources.