Margrave | download | documentation | examples | help | more information

Margrave is a PLT Scheme API for use in analyzing access-control policies written in a subset of XACML.

Margrave provides functions to answer queries about one policy or about the relationship of two policies. This provides a means to perform:

An access control policy states which entities has access to perform which actions on which resources. XACML provides a language to specify an access control policy using an XML syntax. A policy in XAMCL is made of <Rule>s, <Policy>s, and <PolicySet>s, all of which Margrave supports. (For information about which parts of XACML Margrave does and does not support, click here .)

The Margrave API provides a function to parse a policy written in XACML. Margrave can then be used to ask queries about the given policy. Margrave can also load in more than one policy and queries can be asked about the relationships between two policies. This can be used to perform change impact analysis. Rather than providing a query language, Margrave provides a set of Scheme functions that can be composed to construct queries. This allows the full power of Scheme to be used by mixing Scheme functions with Margrave functions.

Please note that Margrave is not for verification of the correctness of the syntax of an XACML file. Please use one the tools listed here for that before using Margrave. The behavior of Margrave on XACML files with syntax errors is unknown.