Testing Your ABAC (Attribute Based Access Control) Solution

When testing your ABAC (Attribute Based Access Control) vendors solution you have or will have a few items to consider. The chief one being, will what we have bought or built suit our needs?

When testing your ABAC (Attribute Based Access Control) vendors solution you have or will have a few items to consider. The chief one being, will what we have bought or built suit our needs?

When testing your ABAC (Attribute Based Access Control) or PBAC (Policy Based Access Control) vendor solutions you have or will have a few items to consider. The chief one being, will what we have bought or built suit our needs?

As was stated in an earlier blog, there are quite a few vendors to start looking at in the ABAC field including Axiomatics, Bitkoo, Oracle, CA, Jericho Systems,Vordel, Cisco, Siemens, Epok, Layer 7, Quest, Pericore, NextLabs and IBM.

But for today’s entry I wanted to throw out a few tools I have worked with to test the messaging between the PEP (Policy Enforcement Point), the PDP/PDS (Policy Decision Point/Service), the Attribute Stores and the Policy Services.

I realize a quick list only scratches the testing service as fully defined test cases building off of both operational and system requirements is a necessity but I wanted to highlight a few tools and their basic functionality for those about to go down this path. Feel free to sound off below and add your own tools and test mechanisms. I might just update to entry to reflect them.

 

Tool Description
Parasoft SOATest
    • Used to conduct functional, operational, and performance testing
    • Used to test message layer functionality by utilizing Web Service Description Language (WSDL) to generate client tools to automate testing for Web services
    • Used to record end-user Web application interactions for playback to examine system behavior and performance
Parasoft Load Test Verifies application performance and functionality under heavy load. Existing end-to-end functional tests are leveraged for load testing, removing the barrier to comprehensive and continuous performance monitoring.
TCPMon Used to monitor traffic on TCP connections
Wireshark Used as a network protocol analyzer for Unix and Windows
soapUI Used to conduct functional testing of Web Services including SOAP and REST
NMAP Used to capture IP packets to determine what services (application name and version) the vendor applications are utilizing
NCES CTK Used  for testing coverage for the service request and the service response within NCES



The long and short of it is that you want to have the ability to test SOAP, SAML and most importantly XACML messaging within your solution