Margrave | download | documentation | examples | help | more information

SchemeDocs for the API. This provides a list of the functions needed to write queries.

Using Margrave

First you must set DrScheme to the right language level: case sensitive Pretty Big. After starting DrScheme goto the "Language" menu and select the "Choose Language..." option. A window will open. If details are not shown click the "Show Details" button (lower left). In the left side of the window under the tab "PLT", select the language "Pretty Big" (you might have to expand the tab). In the right side of the window, check the box "Case sensitive" under the heading "Input Syntax" to turn case sensitivity on. Note that you will have to write your code using case-sensitive names.

To use Margrave in a Scheme file, include at the top of the Scheme file the command (load "<path>/Margrave/code/Margrave.scm") where <path> is the path to where you installed Margrave. Follow that with the command (require margrave). The first command will locate Margrave and the second will make the Margrave API available in that file.

To load an XACML policy, use the command (load-xacml-policy <dir> <file>) where <dir> is the location of the directory holding the base XACML policy file and <file> is the name of the base XACML policy file. If the policy has only one file, then that file is the base one. Otherwise, it is the top-most one.

For example, if you want to load an XACML policy stored in the file "/tmp/policy/base.xml" and call it "test-policy", and you installed Margrave at "/etc/Margrave/", your Scheme file would look like this:

(load "/etc/Margrave/code/Margrave.scm")
(require margrave)
(define test-policy (load-xacml-policy "/tmp/policy" "test.xml"))

Once you have loaded the XACML policies (we recommend loading them all at the beginning of the file for correctly formating output), you can use the Margrave API and all of Scheme to ask queries about these policies. Documentation of individual functions in the Margrave API can be found in the SchemeDocs.

Extended examples can be found on the examples page.


XACML (the eXtensible Access Control Markup Language) is an OASIS standard. Documentation can be found here. The version of XACML for which Margrave was built is the 1.0 standard specification. As documented below, Margrave supports only a subset of this version of XACML. It appears that this subset remains unchanged in XACML 2.0, so Margrave appears to be safe for use with the same subset of that version of XACML.

The Supported Subset of XACML

Margrave can handle the core of XACML that deals strictly with role-based access control. This includes the <Rule>, <Policy>, and <PolicySet> elements and most of the futures of <Target> element found within them. Margrave also supports the rule/policy combining algorithms First-Applicable, Deny-Override, and Permit-Override.

Margrave does not support the ability to do data reasoning within a policy. This includes not supporting the <Condition> element found within the <Rule> element. Since the <Function> element can only be found within the <Condition> element, <Function> is also not supported.

Since the attribute values associated with the <Environment> element of a request can only be accessed within a <Condition> element, <Environment> cannot be used. However, one can still include environment attributes in a policy by (arbitrarily) putting them into the <Subject>, <Resource>, or <Action> elements.

Margrave also presumes that all values for the MatchID attribute of the <SubjectMatch>, <ResourceMatch>, and <ActionMatch> elements imply string-equality testing. Although this implies that for example having a target match only request with a ID number greater than 10 cannot be written in the obvious way using the greater-than MatchID, one can still express this policy by having a Subject attribute "has-id-greater-than-10" and checking if that attribute is set to "true". This further implies that non-string values for attribute values are only supported if string equality is sufficient to compare them. Since we treat all attribute values as strings, the Margrave parser does not even bother to parse the DataType attribute of the AttributeDesignator elements.

In addition to not handing the DataType, Margrave also does not handle the Issuer or MustBePresent attributes of the AttributeDesignator elements. Nor does it handle the SubjectCategory attribute found only in the <SubjectAttributeDesignator> element. Thus, Margrave cannot handle requests with multiple subjects as documented in section 6.1 of the XACML specification.

Since all the above restrictions rule out all the sources for the decision Indeterminate, Margrave has no notion of an Indeterminate decision.

Since Margrave only deals with the decision of an XACML policy, it does not deal with Obligations

Margrave also does not deal with hierarchical data as discussed in section 7.8 of the XACML specification.

Margrave offers limited support for the policy reference element.