Application construction components - Altinn Platform Authorization

The authorization component in the Altinn platform is built as an ASP.NET Core Web API application and deployed as a Docker container to a Kubernetes cluster.

The authorization component consists of several parts. For a functional description see details in application solution components.

Policy Decision Point - PDP

The PDP is implemented as a separate class library, which is published to NuGet.

Policy Retrieval Point - PRP

The Policy Retrieval Point is the component that stores authorization policies for applications.

The policies are stored as XACML (XML) documents in blob storage.

When the PDP receives an authorization request, the PRP identifies the correct policy document in the policy storage.

See code

Context Handler

The context handler enriches the authorization request with information about the user and the requested resource. Roles are retrieved from SBL Bridge, while resource information is retrieved from Instances in storage.

See code

Policy Information Point - Roles

The PIP for roles calls SBL Bridge to get the roles a user or system has for a resource party.
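
The flow described in the sections above (context handler enrichment, the roles PIP, then PRP policy lookup), as an added C# example that is not the Altinn code. The request shape, the attribute names, the in-memory stand-ins for SBL Bridge and instance storage, the `org/app/policy.xml` blob layout and the path-segment check are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical request shape; the page does not show the real model or attribute names.
record AuthzRequest(int UserId, string InstanceId, string Action,
    Dictionary<string, string> Resource, List<string> Roles);

static class Demo
{
    // Constructed stand-in for "Instances in storage": instance id -> org, app, owning party.
    static readonly Dictionary<string, (string Org, string App, int Party)> Instances = new()
        { ["1337/abc"] = ("ttd", "demo-app", 1337) };

    // Constructed stand-in for the roles PIP (the SBL Bridge call): (user, party) -> roles.
    static readonly Dictionary<(int, int), string[]> RolesFromBridge = new()
        { [(42, 1337)] = new[] { "SAMPLE-ROLE" } };

    // Assumed hardening: only plain lowercase segments may become part of a blob name.
    static readonly Regex SafeSegment = new(@"\A[a-z0-9][a-z0-9-]{1,39}\z");

    // Context handler: resource attributes come from the stored instance, roles from the PIP.
    public static AuthzRequest Enrich(AuthzRequest req)
    {
        if (!Instances.TryGetValue(req.InstanceId, out var inst))
            throw new InvalidOperationException("Unknown instance; request cannot be enriched.");
        req.Resource["org"] = inst.Org;
        req.Resource["app"] = inst.App;
        req.Resource["party"] = inst.Party.ToString();
        if (RolesFromBridge.TryGetValue((req.UserId, inst.Party), out var roles))
            req.Roles.AddRange(roles);
        return req; // no roles found means an empty list, so role-based rules cannot match
    }

    // PRP: pick the policy blob from enriched attributes (assumed layout org/app/policy.xml).
    public static string PolicyBlobPath(AuthzRequest req)
    {
        req.Resource.TryGetValue("org", out var org);
        req.Resource.TryGetValue("app", out var app);
        if (!SafeSegment.IsMatch(org ?? "") || !SafeSegment.IsMatch(app ?? ""))
            throw new ArgumentException("org/app is missing or not a valid path segment.");
        return $"{org}/{app}/policy.xml";
    }

    static void Main()
    {
        var req = Enrich(new AuthzRequest(42, "1337/abc", "read", new(), new()));
        Console.WriteLine($"{PolicyBlobPath(req)} roles=[{string.Join(",", req.Roles)}]");
    }
}
```

Both lookups fail closed: an unknown instance or an unusable org/app value raises an error instead of falling back to a default policy.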

API controllers

Dependencies

See csproj