indykite-authzen-evaluation
Installation
SKILL.md
IndyKite AuthZEN - single authorization decision
A KBAC decision asks the AuthZEN endpoint one question - may this subject perform this action on this resource? - and gets back a boolean decision. The decision is rendered by evaluating the project's currently ACTIVE 2.0-kbac policies against the IKG.
This skill covers making that single decision: framing the (subject, action, resource, context) request, sending it, and reading the boolean. It does not author policies - the policy whose subject / actions / resource / condition.cypher the decision is evaluated against is authored with indykite-authzen-kbac.
It is the single-call member of the AuthZEN family:
| Need | Endpoint | Skill |
|---|---|---|
| One yes/no decision | /access/v1/evaluation |
this skill |
| Many decisions at once | /access/v1/evaluations |
indykite-authzen-evaluations |
| Actions a subject may perform on a resource | /access/v1/search/action |
indykite-authzen-search-action |
| Resources a subject may act on, given an action | /access/v1/search/resource |
indykite-authzen-search-resource |
| Subjects allowed an action on a resource | /access/v1/search/subject |
indykite-authzen-search-subject |
| Author / manage the KBAC policy | Config API | indykite-authzen-kbac |