Releases: intuit/identity-authz-apl
Version 0.28
What's Changed
- Fix broken apl and java code links in README.md by @baladutt in #53
- Update maven.yml for upload artifact version to V4 by @ravichauhan03 in #55
- Support for custom functions in APL by @kjhunjhunwala in #54
Full Changelog: 0.27...0.28
Version 0.27
What's Changed
- Update the version of snakeyaml to 2.0 and changes to the code to mak… by @sachinmaheshwari in #48
- Update maven.yml by @sachinmaheshwari in #51
Full Changelog: 0.26...0.27
Support for Dynamic verification of request
This release supports the dynamic verification of requests. Any attribute of the form,
verify_<attribute_name> will be validated against <attribute_name>
For example, if the request is as mentioned below:
{
"subject": {
"id": "123",
"department": "HR",
"verify_department": "HR"
},
"action": {
"id": "read"
}
}
Then in the above request, the value of "verify_department" will be validated against "department".
Support for enhanced policy response including advice, cause & remediation
The response returned from the policy can now have enhanced attributes segregated into separate categories named as below:
- Obligations [Array of Map]
This section denotes operation(s) specified in a response that should be performed by the PEP or the enforcement service in conjunction with the enforcement of an authorization decision. For example, auditing of decisions for compliance reasons.
Obligations are usually recommended only when the authorization result is "Permit". - Cause [Array of Map]
When a denial or equivalent decision is returned, consumers need visibility of why that decision is returned. This section in response will enhance the troubleshooting and consumers might not always need to dig deeper into logs to gain these insights. - Advice [Array of Map]
Advice is used in its literal meaning in the response i.e. either information or suggestion. This section of the response will be the container for additional information that needs to be sent back for the response context. Along with that, if there are any suggestions are also sent back. - Remediation [Array of Map]
Remediation will be used to render a predefined experience in some predefined use cases where either business demands enforcement of certain security measures.
First public release
Fixed potential security vulnerabilities in dependencies alerted by depandabot.
Cleaned up and fixed the sample helloworld to work with latest apl.
This is available at,
https://repo.maven.apache.org/maven2/com/intuit/apl/apl-core/0.23/
Please read README for more information and instructions for use,
<dependency>
<groupId>com.intuit.apl</groupId>
<artifactId>apl-core</artifactId>
<version>0.23</version>
</dependency>
Updating the 1st release
Testing the 1st release to central
Creating the 1st Release of the APL
This is the first release of APL to which can be consumed from central OSS repository.