Angel \”Java\” Lopez on Blog

December 18, 2012

First Ideas for a Claim Rule Engine

Filed under: AjSharp, C Sharp, Claims, Federated Security, Open Source Projects, Rule Engine — ajlopez @ 4:29 pm

I am looking for applications of my scripting languages. I want to use AjLang, the core of AjSharp, written in C#. One use case could be a claim rule engine. To understand what I have in mind, and the federated security jargon/landscape, see:

The Role of the Claims Engine
The Role of the Claim Rule Language
The Role of Claim Rules
The Role of the Claims Pipeline
The Role of Claims

Given a set of input claims, the system should produce a set of output claims, using user defined rules. A rule could be written as:

rule RuleEmail
   description “….”
   claim cmail
   cmail in InputClaims
   cmail.Type == “email” 
   claim cname = new Claim(…. )
   // more cname processing, maybe extracting a value from email
end rule

Something like my example at but more oriented to C# syntax (i.e. the use of native .EndsWith in the above example)

If I had omitted cmail in InputClaims, the claim will be searched in all claim sets.

Additional item: to have a web interface to edit and browse rules.

The rules would be executed in order. I could write rule sets, to group rules to be executed. For example: Identity Provider rule set, to be applied to the claim set provider by an IP, i.e. Windows Live, Yahoo, etc. Or a Relying Party rule set, defined by application: accounting system, human resource system, finance, etc..

In the “then” part, additional functions could be call. The functions would be added by the developer to the rule engine environment, maybe with dynamic loading of a library. Then, the actions will be extensible by code. The “when” part could use additional predicates, too. But the base idea is to have an initial set of predicates and actions that cover the main use cases: testing property values, creating new claims, setting their property values, adding to a claim set (InputClaims, OutputClaims or any other set defined by the programmer).

One thing to decide: what happens if there are TWO or more claims that satisfy then when clause? the rule should fire only once? or n times? I remember the cut operator from Prolog, but I guess it could be simpler. I should explore the use cases.

No time allocated for these ideas, yet. But keep tuned!

Angel “Java” Lopez

February 25, 2012

AjRools (1) Rule Engine in C#

Filed under: .NET, AjRools, Open Source Projects, Rule Engine — ajlopez @ 6:50 pm

Since last year, I was conducting a bit of research about rule engines, specially in Java:

I reviewed JBoss Drools Expert (see Past December, I assisted to Buenos Aires JBoss Meetup (see Spanish post)

In the old eighties, I met Rete Algorithm (see The Rete Matching Algorithm, Dr.Dobb’s). After all that, I decide to implement my own rule engine, in C#. You can check my progress at:

This is the current solution:

As usual, it was coded using TDD.

I have facts, that are asserted, like Temperature = 38. And rules, that based on the asserted facts, produce other asserted facts (I plan to add actions, too, beyond fact assertions). A rule example:

# Rules example
# Rule for Child Fever
		Temperature > 38
		Age <= 12
		HasFever is true
# Rule for Adult Fever
		Temperature > 37
		Age > 12
		HasFever is true

I have ideas to extend the rule engine to support objects with properties, not only variables:

	p is_a Patient
	p.Temperature is 39
	p.HasFever is true

but this feature is still in progress. I didn’t adopt the Rete algorithm, yet, or something similar. I want to have a running implementation, with tests. Then, changing internal algorithm is like an exercise on refactoring.

Pending work: more object+properties support, session (client use of the internal implementation), etc.

Keep tuned!

Angel “Java” Lopez

Create a free website or blog at