Microsoft.Capl.Core 1.0.0

Prefix Reserved

dotnet add package Microsoft.Capl.Core --version 1.0.0

NuGet\Install-Package Microsoft.Capl.Core -Version 1.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Microsoft.Capl.Core" Version="1.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add Microsoft.Capl.Core --version 1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Microsoft.Capl.Core, 1.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install Microsoft.Capl.Core as a Cake Addin
#addin nuget:?package=Microsoft.Capl.Core&version=1.0.0

// Install Microsoft.Capl.Core as a Cake Tool
#tool nuget:?package=Microsoft.Capl.Core&version=1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

CAPL

Claims Authorization Policy Language

JSON serialization version for access control

Version: 4.0 Last Updated 12/03/2021

Overview

Claims Authorization Policy Language, CAPL, is a serializable, logic-based, security token agnostic access control policy language useful in making the Boolean decisions to permit or deny access to a resource. CAPL uses claims associated with a security token presented to an application to bind variables to a policy's evaluation expression and return a Boolean access control decision. An evaluation expression in CAPL is either a simple expression or a complex expression.

CAPL is intended to be used by applications, where the application enforces access control decisions using CAPL policies. Because the policies are serializable, applications can acquire authorization policies from data stores or other services and control how policies are refreshed. This means that access control within applications can be managed externally without the need to redeploy applications.

Additional information regarding encoding and definitions here

Evaluation expressions can be simple, e.g., (a==b), or complex, e.g., [(a==b)||(c<d)]. CAPL rules are used to create simple expressions and logical connectives, i.e., logical AND or logical OR, are used to form complex expressions.

Example An authorization policy with a simple expression could be defined below using default values. The authorization policy states that the policy with evaluate to "true" if and only if, the security token presented by the caller has at least one claim type of "roles" where at least one value is "reader".

{
  "id": "ABC",
  "expression": {
    "type": "#Rule",
    "operation": {
      "type": "#EqualCaseSensitive",
      "value": "reader"
    },
    "match": {
      "claimType": "roles"
    }
  }
}

Product	Compatible and additional computed target framework versions.
.NET	net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Product

.NET