Description
With the introduction of the Authorization service with GetDecisions and GetEntitlements endpoints, PEP work will be simplified. The first PEP to be migrated is KAS.
In the past, KAS has relied on entitlements in the access token under the claim tdf_claims. Now, the access token is passed to the Authorization service. The Authorization service will resolve the entitlements using a variety of methods that are configurable and extensible.
Also, in the past, KAS had the Access PDP embedded. Now, the entity chain, action, and data attributes from the TDF policy will be passed to the GetDecisions endpoint. The entity chain will have an entity with JWT set to the access token, the action will be DECRYPT, and the attribute-fqns will be the TDF attributes.
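A sketch of the PEP side of the flow described above, added here as an illustration and not taken from the project's code. The types, the `Decider` signature and the `AuthorizeDecrypt` name are hypothetical stand-ins for the real GetDecisions API; the point shown is that KAS builds the request from the access token and TDF attributes and treats any error, empty answer or non-permit response as a deny.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical local types mirroring the request described above (not the platform's API types).
type Entity struct{ JWT string }

type DecisionRequest struct {
	EntityChain   []Entity
	Action        string
	AttributeFQNs []string
}

type DecisionResponse struct{ Permit bool }

// Decider stands in for the GetDecisions endpoint (assumed signature).
type Decider func(DecisionRequest) ([]DecisionResponse, error)

var ErrDenied = errors.New("access denied")

// AuthorizeDecrypt builds the request from the access token and the TDF
// policy attributes, then fails closed on anything other than all-PERMIT.
func AuthorizeDecrypt(d Decider, accessToken string, tdfAttrs []string) error {
	if accessToken == "" {
		return ErrDenied
	}
	resps, err := d(DecisionRequest{
		EntityChain:   []Entity{{JWT: accessToken}},
		Action:        "DECRYPT",
		AttributeFQNs: tdfAttrs,
	})
	if err != nil || len(resps) == 0 {
		return ErrDenied // service error or empty answer counts as deny
	}
	for _, r := range resps {
		if !r.Permit {
			return ErrDenied
		}
	}
	return nil
}

func main() {
	deny := func(DecisionRequest) ([]DecisionResponse, error) { return nil, nil } // constructed stub
	fmt.Println(AuthorizeDecrypt(deny, "constructed.jwt", []string{"https://example.com/attr/a/value/b"}))
}
```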