Oracle Corporation
REST-based declarative policy management
Abstract:
One embodiment performs policy evaluation in a multi-tenant cloud-based identity and access management ("IAM") system. The embodiment receives a request for an IAM service for a tenant of the multi-tenant cloud-based IAM system, and determines an applicable policy associated with the IAM service. The embodiment determines a policy expression of the applicable policy, where the policy expression includes a reference to an attribute value, and where the reference either includes a function or includes an application programming interface ("API") of an attribute retriever class. The embodiment obtains the attribute value by invoking the function or by invoking the API of the attribute retriever class. The embodiment evaluates the applicable policy at run-time using at least the obtained attribute value, and performs the IAM service based on the result of the evaluating of the policy.
Utility
29 May 2018
10 Nov 2020