The tdx Volt security policy is based on XACML.
XACML is an attribute-based policy language: policy rules are written in terms of attributes, and in the case of the tdx Volt the four main attribute categories are subject (the identity), resource, action and environment.
This document won’t go into full details of how XACML works, please refer to the XACML standard.
The tdx Volt policy engine is a stand-alone library that implements large parts of the XACML standard, together with the multiple decision profile and the hierarchical resource profile, with no hardwiring to the tdx Volt infrastructure.
Within the tdx Volt core there are implementations of Policy Information Points (PIPs) for the subject, resource and environment categories; a rule can use them to resolve attributes on demand while it is being evaluated.
Support for the hierarchical resource profile allows rules applied to a parent resource to be inherited by its descendants, which greatly simplifies the policy rules required to protect the Volt.
The tdx Volt uses JSON to persist policies rather than XML, but the underlying semantics are the same.
Note that a ‘root’ policy set is created when the tdx Volt first boots. It contains the general rules pertaining to tdx Volt ownership, resource ownership and so on, and is persisted in the tdx Volt database.
Resource sharing rules that are added as a result of calls to SaveAccess are dynamically included in the policy at runtime.
The example below shows a policy that permits the tdx Volt owner to perform any action, irrespective of the target resource:
This example shows a rule that permits subjects (identities) to perform any action on any resource they own. It makes use of a ‘condition’ to dynamically interrogate the resource PIP to establish the owning identity. It then compares this to the currently authenticated identity and if the two match, it permits the subject to perform any action:
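The following is an added example written for this page; it is not the tdx Volt's own code and the JSON-like rule shape is an assumption, not the format the Volt persists. It is a small Python evaluator that puts the pieces described above together: a resource PIP that a rule condition queries for the owning identity, a root policy set holding the Volt-owner rule and the resource-owner rule, a sharing rule of the kind SaveAccess would add that is merged in at evaluation time, and hierarchical resource matching so that a rule on a parent resource covers its descendants. The identities and resource paths are constructed sample data.

```python
# Added example, not tdx Volt's own code or policy format: a minimal
# XACML-style evaluator showing a resource PIP consulted from a rule
# condition, a root policy set holding the Volt-owner and resource-owner
# rules, sharing rules merged in at evaluation time, and hierarchical
# resource matching. The JSON-like rule shape is an assumption.
import posixpath

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed sample data standing in for the Volt's resource store.
VOLT_OWNER = "did:example:alice"
RESOURCES = {
    "/": {"owner": VOLT_OWNER},
    "/shared": {"owner": "did:example:bob"},
    "/shared/report.csv": {"owner": "did:example:bob"},
}

def resource_pip(resource_id, attribute):
    """Resource PIP: look up an attribute of the target resource on demand."""
    return RESOURCES.get(resource_id, {}).get(attribute)

# Root policy set (assumed shape). Empty targets match every request, so the
# rules decide through their conditions alone.
ROOT_POLICY_SET = {"id": "root", "algorithm": "deny-overrides", "rules": [
    {   # The Volt owner may perform any action on any resource.
        "id": "volt-owner", "effect": PERMIT, "target": {},
        "condition": {"fn": "string-equal", "args": [
            {"attr": "subject:id"}, {"value": VOLT_OWNER}]}},
    {   # A subject may perform any action on a resource it owns; the
        # condition asks the resource PIP for the owner of the target.
        "id": "resource-owner", "effect": PERMIT, "target": {},
        "condition": {"fn": "string-equal", "args": [
            {"attr": "subject:id"}, {"pip": "resource", "attr": "owner"}]}},
]}

# A sharing rule of the kind SaveAccess would add: Carol may read /shared,
# and via hierarchical matching everything beneath it.
SHARING_RULES = [{"id": "share-carol", "effect": PERMIT, "target": {
    "subject:id": "did:example:carol", "resource:id": "/shared", "action": ["read"]}}]

def _resolve(arg, request):
    """Condition argument: literal value, request attribute, or PIP query."""
    if "value" in arg:
        return arg["value"]
    if arg.get("pip") == "resource":
        return resource_pip(request["resource:id"], arg["attr"])
    return request.get(arg["attr"])

def _under(resource_id, ancestor):
    """Hierarchical resource profile: a rule on a parent covers its descendants."""
    resource_id, ancestor = posixpath.normpath(resource_id), posixpath.normpath(ancestor)
    return resource_id == ancestor or resource_id.startswith(ancestor.rstrip("/") + "/")

def _target_matches(target, request):
    for key, wanted in target.items():
        if key == "resource:id":
            if not _under(request["resource:id"], wanted):
                return False
        elif isinstance(wanted, list):
            if request.get(key) not in wanted:
                return False
        elif request.get(key) != wanted:
            return False
    return True

def evaluate_rule(rule, request):
    """Rule effect if target and condition hold, otherwise NotApplicable."""
    if not _target_matches(rule.get("target", {}), request):
        return NOT_APPLICABLE
    cond = rule.get("condition")
    if cond is not None:
        left, right = (_resolve(a, request) for a in cond["args"])
        if left is None or left != right:  # a missing attribute never matches
            return NOT_APPLICABLE
    return rule["effect"]

def decide(request, policy_set=ROOT_POLICY_SET, dynamic_rules=SHARING_RULES):
    """PDP: combine the root policy set and the dynamically included sharing
    rules with deny-overrides."""
    decisions = [evaluate_rule(r, request) for r in policy_set["rules"] + dynamic_rules]
    if DENY in decisions:
        return DENY
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE  # the PEP must treat this as a denial

if __name__ == "__main__":
    req = {"subject:id": "did:example:carol", "resource:id": "/shared/report.csv", "action": "read"}
    print(decide(req))  # Permit, via the sharing rule on the parent /shared
```

Two points worth noting when reading the result. First, a missing attribute (an unknown resource, so the PIP returns nothing) makes the ownership condition fail closed rather than match; a real engine should behave the same way. Second, the evaluator returns NotApplicable when no rule matches, and it is the enforcement point's job to treat that as a denial; a PEP that treats anything other than an explicit Deny as a permit would turn every gap in the policy into an authorisation bypass.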