Application construction components - Altinn Platform Authorization
The authorization component in Altinn Platform is built as an ASP.NET Core Web API application and deployed as a Docker container to a Kubernetes cluster.
The authorization component consists of several parts. For a functional description see details in application solution components.
Policy Decision Point - PDP
Policy Retrieval Point - PRP
The Policy Retrieval Point component stores authorization policies for applications.
The policies are stored as XACML (XML) documents in blob storage.
When the PDP receives an authorization request, the PRP identifies the correct policy document in the policy storage.
The context handler enriches the authorization request with information about the user and the requested resource. Roles are retrieved from SBL Bridge, while resource information is retrieved from Instances in storage.
Policy Information Point - Roles
The PIP for roles calls SBL Bridge to get the roles a user or system has for a resource party.