OpenAz Main Page


OpenAz provides a model and programming framework to enable applications to utilize a policy-based authorization engine for their access control needs. The model is based upon the XACML standard but it also includes a higher-level set of interfaces (the PEP interface) whose use does not require knowledge of XACML. All of these materials, including a complete reference implementation, are available under the Apache 2.0 open source license.

More information on the need for an authorization enablement API and framework can be found at the OpenAz FAQ.


WSO2 implements the AzApi for the WSO2 Balana XACML 3.0 engine

[March 3, 2014] WSO2 has implemented the AzApi for WSO2 Balana XACML PDP. Balana is an open source implementation of XACML 3.0 available under the Apache license (as is AzAPI). See this blog post for more information.

Axiomatics and Oracle Jointly Update OpenAz interfaces to XACML 3.0

[May 7, 2013] We are happy to announce that Axiomatics and Oracle have jointly updated the OpenAz interfaces to XACML 3.0. More information about the contribution can be found here.

Source Code Contribution by Duanhua Tu and Ajith Nair of JPMC.

[Jan 17, 2013] This contribution (fast-az) builds on the OpenAz PEP interfaces and demonstrates how they can be used to solve business use cases. An innovative aspect of the software system is its use of AMF (attribute manifest format) to resolve and obtain attributes from repositories. The source code can be found [1].

User's Guide to the Java XACML Az Interface

We have had a number of requests for a single document that describes the Java XACML Az interface. We have edited the large amount of information that is available in Javadoc and in test programs to create a short document. The document includes a simple example and an advanced example, as well as a review of the key interface definitions.

News: C++ Version of PEP API

A C++ open source translation of the OpenAz XACML PEP API for Attribute-based Access Control has been added to the repository.

Now developers of C++ ABAC solutions can have a C++ based PEP solution to interface to their own PDP.

Conceptually, this looks like this:

(User) <---> (C++ OpenAz PEP) <---> (Vendor-Specific Shim) <---> (Vendor-Specific API)

This project is written in ANSI/ISO C++, with an encompassing solution written in Microsoft Visual Studio (2008, on a 32-bit Windows OS). It is expected to be easily ported to alternative C++ compilers with very little change.

The source code is available here: C++ Source Code

Thanks go to all the folks at NextLabs, Inc. for this useful work.

OpenAz is one step closer to being the multi-language, multi-platform open source approach for integrating Access Control.

Java Download Information

If you are ready to dive into the code:



Download, Build and Run Instructions.

Tutorial on implementing a provider.


For the latest summary of the project, check out these Project Overview Slides.

This diagram illustrates the vision of OpenAz. The AzAPI provides access from Policy Enforcement Points implemented using various technologies to remote or embedded Policy Decision Points. This standardized interface simplifies implementation and makes it easy to replace one component with another.


  • We are pursuing AzApi standardization within the OASIS XACML TC and have published the following materials:
  2. Announce AzApi presentation and materials
  3. Presentation slides

Technical Details

  • You can browse the Java docs here.
  • More information about the project can be found in the Az FAQ


Join the Mailing List

A regular conference call is held every other week on Thursdays at 1:00 PM ET. See the mailing list for the agenda.

Minutes from past meetings

Design Proposals