diff --git a/src/Authorization/Altinn.Platform.Authorization.csproj b/src/Authorization/Altinn.Platform.Authorization.csproj
index 8b183ccc..87aba3db 100644
--- a/src/Authorization/Altinn.Platform.Authorization.csproj
+++ b/src/Authorization/Altinn.Platform.Authorization.csproj
@@ -8,14 +8,21 @@
 
   <ItemGroup>
     <PackageReference Include="Altinn.ApiClients.Maskinporten" Version="9.2.0" />
+    <PackageReference Include="Altinn.Authorization.ProblemDetails" Version="3.0.1" />
+    <PackageReference Include="Altinn.Authorization.ProblemDetails.Abstractions" Version="3.0.1" />
+    <PackageReference Include="Altinn.Common.AccessToken" Version="4.5.1" />
     <PackageReference Include="Altinn.Common.AccessTokenClient" Version="3.0.7" />
     <PackageReference Include="Altinn.Common.PEP" Version="4.0.0" />
     <PackageReference Include="Altinn.Platform.Models" Version="1.6.1" />
+    <PackageReference Include="Altinn.Swashbuckle" Version="2.1.0" />
+    <PackageReference Include="Altinn.Urn" Version="2.5.0" />
+    <PackageReference Include="Altinn.Urn.Swashbuckle" Version="2.5.0" />
     <PackageReference Include="AutoMapper" Version="13.0.1" />
     <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageReference Include="Azure.Storage.Queues" Version="12.20.0" />
     <PackageReference Include="Azure.Storage.Blobs" Version="12.22.0" />
+    <PackageReference Include="IdentityModel" Version="7.0.0" />
     <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />
     <PackageReference Include="Altinn.Authorization.ABAC" Version="0.0.8" />
     <PackageReference Include="Altinn.Platform.Storage.Interface" Version="3.34.0" />
@@ -28,6 +35,8 @@
     <PackageReference Include="Microsoft.FeatureManagement" Version="3.5.0" />
     <PackageReference Include="Npgsql" Version="8.0.4" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.7.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore.Filters" Version="8.0.2" />
     <PackageReference Include="System.Text.Json" Version="8.0.4" />
     <PackageReference Include="Yuniql.AspNetCore" Version="1.2.25" />
     <PackageReference Include="Yuniql.PostgreSql" Version="1.3.15" />
diff --git a/src/Authorization/Configuration/TokenGeneratorSettings.cs b/src/Authorization/Configuration/TokenGeneratorSettings.cs
new file mode 100644
index 00000000..a6a2656a
--- /dev/null
+++ b/src/Authorization/Configuration/TokenGeneratorSettings.cs
@@ -0,0 +1,27 @@
+namespace Altinn.Platform.Authorization.Configuration;
+
+/// <summary>
+/// Represents a set of configuration options needed for using the Altinn Platform Token Generator.
+/// </summary>
+public class TokenGeneratorSettings
+{
+    /// <summary>
+    /// Gets or sets the url for the token generator.
+    /// </summary>
+    public string Url { get; set; }
+
+    /// <summary>
+    /// Gets or sets user for authorized access to the token generator.
+    /// </summary>
+    public string User { get; set; }
+
+    /// <summary>
+    /// Gets or sets password for authorized access to the token generator.
+    /// </summary>
+    public string Password { get; set; }
+
+    /// <summary>
+    /// Gets or sets the environment to use for the token generator.
+    /// </summary>
+    public string Env { get; set; }
+}
diff --git a/src/Authorization/Constants/AuthzConstants.cs b/src/Authorization/Constants/AuthzConstants.cs
index f4557ec2..c63d90dc 100644
--- a/src/Authorization/Constants/AuthzConstants.cs
+++ b/src/Authorization/Constants/AuthzConstants.cs
@@ -10,6 +10,16 @@ public static class AuthzConstants
         /// </summary>
         public const string POLICY_STUDIO_DESIGNER = "StudioDesignerAccess";
 
+        /// <summary>
+        /// Policy tag for authorizing PlatformAccessTokens issued by Platform
+        /// </summary>
+        public const string POLICY_PLATFORMISSUER_ACCESSTOKEN = "PlatformIssuedAccessToken";
+
+        /// <summary>
+        /// The issuer of access tokens for the platform cluster
+        /// </summary>
+        public const string PLATFORM_ACCESSTOKEN_ISSUER = "platform";
+
         /// <summary>
         /// Policy tag for authorizing Altinn.Platform.Authorization API access from AltinnII Authorization
         /// </summary>
@@ -25,11 +35,6 @@ public static class AuthzConstants
         /// </summary>
         public const string AUTHORIZESCOPEACCESS = "AuthorizeScopeAccess";
 
-        /// <summary>
-        /// (deprecated) Scope that gives access to Authorize API
-        /// </summary>
-        public const string PDP_SCOPE = "altinn:authorization:pdp";
-
         /// <summary>
         /// Scope that gives access to external Authorize API for service/resource owners
         /// </summary>
diff --git a/src/Authorization/Controllers/AccessListAuthorizationController.cs b/src/Authorization/Controllers/AccessListAuthorizationController.cs
new file mode 100644
index 00000000..a000fbd7
--- /dev/null
+++ b/src/Authorization/Controllers/AccessListAuthorizationController.cs
@@ -0,0 +1,66 @@
+using System.Linq;
+using System.Net.Mime;
+using System.Threading;
+using System.Threading.Tasks;
+using Altinn.Authorization.Errors;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Authorization.ProblemDetails;
+using Altinn.Platform.Authorization.Constants;
+using Altinn.Platform.Authorization.Models;
+using Altinn.Platform.Authorization.Services.Interface;
+using AltinnCore.Authentication.Constants;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Altinn.Platform.Authorization.Controllers;
+
+/// <summary>
+/// Contains all actions related to the roles model
+/// </summary>
+[Route("authorization/api/v1/accesslist")]
+[ApiController]
+public class AccessListAuthorizationController : ControllerBase
+{
+    private readonly IAccessListAuthorization _accessListAuthorization;
+    private readonly IResourceRegistry _resourceRegistry;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="AccessListAuthorizationController"/> class
+    /// </summary>
+    public AccessListAuthorizationController(IAccessListAuthorization accessListAuthorization, IResourceRegistry resourceRegistry)
+    {
+        _accessListAuthorization = accessListAuthorization;
+        _resourceRegistry = resourceRegistry;
+    }
+
+    /// <summary>
+    /// Internal API for local cluster requests only.
+    /// Authorization of a given subject for resource access through access lists for any service owner organization's access lists and resources. 
+    /// </summary>
+    /// <param name="accessListAuthorizationRequest">Access list authorization request model</param>
+    /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
+    /// <returns>AccessListAuthorizationResponse</returns>
+    [HttpPost]
+    [Route("accessmanagement/authorization")]
+    [ApiExplorerSettings(IgnoreApi = true)]
+    [Authorize(Policy = AuthzConstants.POLICY_PLATFORMISSUER_ACCESSTOKEN)]
+    [Consumes(MediaTypeNames.Application.Json)]
+    [Produces(MediaTypeNames.Application.Json)]
+    [ProducesResponseType(typeof(AccessListAuthorizationResponse), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+    [ProducesResponseType(typeof(void), StatusCodes.Status403Forbidden)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status500InternalServerError)]
+    public async Task<ActionResult> AuthorizeInternal(AccessListAuthorizationRequest accessListAuthorizationRequest, CancellationToken cancellationToken = default)
+    {
+        Result<AccessListAuthorizationResponse> result = await _accessListAuthorization.Authorize(accessListAuthorizationRequest, cancellationToken);
+
+        if (result.IsProblem)
+        {
+            return result.Problem.ToActionResult();
+        }
+
+        return Ok(result.Value);
+    }
+}
diff --git a/src/Authorization/Controllers/DecisionController.cs b/src/Authorization/Controllers/DecisionController.cs
index 945069dd..88f3196c 100644
--- a/src/Authorization/Controllers/DecisionController.cs
+++ b/src/Authorization/Controllers/DecisionController.cs
@@ -10,7 +10,13 @@
 using Altinn.Authorization.ABAC.Utils;
 using Altinn.Authorization.ABAC.Xacml;
 using Altinn.Authorization.ABAC.Xacml.JsonProfile;
+using Altinn.Authorization.Enums;
+using Altinn.Authorization.Models;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Authorization.ProblemDetails;
 using Altinn.Platform.Authorization.Constants;
+using Altinn.Platform.Authorization.Helpers;
 using Altinn.Platform.Authorization.ModelBinding;
 using Altinn.Platform.Authorization.Models;
 using Altinn.Platform.Authorization.Models.AccessManagement;
@@ -18,6 +24,7 @@
 using Altinn.Platform.Authorization.Repositories.Interface;
 using Altinn.Platform.Authorization.Services.Interface;
 using Altinn.Platform.Authorization.Services.Interfaces;
+using Altinn.Platform.Register.Models;
 using Altinn.Platform.Storage.Interface.Models;
 using AutoMapper;
 using Azure.Core;
@@ -47,6 +54,9 @@ public class DecisionController : ControllerBase
         private readonly IEventLog _eventLog;
         private readonly IFeatureManager _featureManager;
         private readonly IAccessManagementWrapper _accessManagement;
+        private readonly IResourceRegistry _resourceRegistry;
+        private readonly IRegisterService _registerService;
+        private readonly IAccessListAuthorization _accessListAuthorization;
         private readonly IMapper _mapper;
 
         private readonly SortedDictionary<string, AuthInfo> _appInstanceInfo = new();
@@ -55,6 +65,9 @@ public class DecisionController : ControllerBase
         /// Initializes a new instance of the <see cref="DecisionController"/> class.
         /// </summary>
         /// <param name="accessManagement">Service for making request the to Access Management API (PIP)</param>
+        /// <param name="resourceRegistry">Service for making requests to the Resource Registry API</param>
+        /// <param name="registerService">Service for making requests to the Register API</param>
+        /// <param name="accessListAuthorization">Service for authorization of subjects based on Resource Registry access lists</param>
         /// <param name="contextHandler">The Context handler</param>
         /// <param name="delegationContextHandler">The delegation context handler</param>
         /// <param name="policyRetrievalPoint">The policy Retrieval point</param>
@@ -64,7 +77,20 @@ public class DecisionController : ControllerBase
         /// <param name="eventLog">the authorization event logger</param>
         /// <param name="featureManager">the feature manager</param>
         /// <param name="mapper">The model mapper</param>
-        public DecisionController(IAccessManagementWrapper accessManagement, IContextHandler contextHandler, IDelegationContextHandler delegationContextHandler, IPolicyRetrievalPoint policyRetrievalPoint, IDelegationMetadataRepository delegationRepository, ILogger<DecisionController> logger, IMemoryCache memoryCache, IEventLog eventLog, IFeatureManager featureManager, IMapper mapper)
+        public DecisionController(
+            IAccessManagementWrapper accessManagement,
+            IResourceRegistry resourceRegistry,
+            IRegisterService registerService,
+            IAccessListAuthorization accessListAuthorization,
+            IContextHandler contextHandler,
+            IDelegationContextHandler delegationContextHandler,
+            IPolicyRetrievalPoint policyRetrievalPoint,
+            IDelegationMetadataRepository delegationRepository,
+            ILogger<DecisionController> logger,
+            IMemoryCache memoryCache,
+            IEventLog eventLog,
+            IFeatureManager featureManager,
+            IMapper mapper)
         {
             _pdp = new PolicyDecisionPoint();
             _prp = policyRetrievalPoint;
@@ -75,6 +101,9 @@ public DecisionController(IAccessManagementWrapper accessManagement, IContextHan
             _eventLog = eventLog;
             _featureManager = featureManager;
             _accessManagement = accessManagement;
+            _resourceRegistry = resourceRegistry;
+            _registerService = registerService;
+            _accessListAuthorization = accessListAuthorization;
             _mapper = mapper;
         }
 
@@ -267,28 +296,17 @@ private async Task<XacmlContextResponse> Authorize(XacmlContextRequest decisionR
         {
             decisionRequest = await this._contextHandler.Enrich(decisionRequest, isExernalRequest, _appInstanceInfo);
 
-            ////_logger.LogInformation($"// DecisionController // Authorize // Roles // Enriched request: {JsonConvert.SerializeObject(decisionRequest)}.");
             XacmlPolicy policy = await _prp.GetPolicyAsync(decisionRequest);
 
             XacmlContextResponse rolesContextResponse = _pdp.Authorize(decisionRequest, policy);
-            ////_logger.LogInformation($"// DecisionController // Authorize // Roles // XACML ContextResponse: {JsonConvert.SerializeObject(rolesContextResponse)}.");
-
             XacmlContextResult roleResult = rolesContextResponse.Results.First();
+
+            XacmlContextResponse delegationContextResponse = null;
             if (roleResult.Decision.Equals(XacmlContextDecision.NotApplicable))
             {
                 try
                 {
-                    XacmlContextResponse delegationContextResponse = await AuthorizeUsingDelegations(decisionRequest, policy, cancellationToken);
-                    XacmlContextResult delegationResult = delegationContextResponse.Results.First();
-                    if (delegationResult.Decision.Equals(XacmlContextDecision.Permit))
-                    {
-                        if (logEvent)
-                        {
-                            await _eventLog.CreateAuthorizationEvent(_featureManager, decisionRequest, HttpContext, delegationContextResponse, cancellationToken);
-                        }
-
-                        return delegationContextResponse;
-                    }
+                    delegationContextResponse = await AuthorizeUsingDelegations(decisionRequest, policy, cancellationToken);
                 }
                 catch (Exception ex)
                 {
@@ -296,12 +314,27 @@ private async Task<XacmlContextResponse> Authorize(XacmlContextRequest decisionR
                 }
             }
 
+            XacmlContextResponse finalResponse = delegationContextResponse ?? rolesContextResponse;
+            XacmlContextResult finalResult = finalResponse.Results.First();
+            if (finalResult.Decision.Equals(XacmlContextDecision.Permit) && !await IsAccessListAuthorized(decisionRequest, cancellationToken))
+            {
+                return new XacmlContextResponse(new XacmlContextResult(XacmlContextDecision.Deny)
+                {
+                    Status = new XacmlContextStatus(XacmlContextStatusCode.Success)
+                    {
+                        StatusMessage = "Access list authorization of resource party required. Access list authorization is controlled by the service owner of the resource/service of the authorization request.",
+                    }
+                });
+            }
+
+            // If the delegation context response is NOT permit, the final response should be the roles context response
+            finalResponse = finalResult.Decision.Equals(XacmlContextDecision.Permit) ? finalResponse : rolesContextResponse;
             if (logEvent)
             {
-                await _eventLog.CreateAuthorizationEvent(_featureManager, decisionRequest, HttpContext, rolesContextResponse, cancellationToken);
+                await _eventLog.CreateAuthorizationEvent(_featureManager, decisionRequest, HttpContext, finalResponse, cancellationToken);
             }
             
-            return rolesContextResponse;
+            return finalResponse;
         }
 
         private async Task<XacmlContextResponse> ProcessDelegationResult(XacmlContextRequest decisionRequest, XacmlPolicy resourcePolicy, IEnumerable<DelegationChangeExternal> delegations, CancellationToken cancellationToken = default)
@@ -324,6 +357,46 @@ private async Task<XacmlContextResponse> ProcessDelegationResult(XacmlContextReq
             });
         }
 
+        private async Task<bool> IsAccessListAuthorized(XacmlContextRequest decisionRequest, CancellationToken cancellationToken = default)
+        {
+            PolicyResourceType policyResourceType = PolicyHelper.GetPolicyResourceType(decisionRequest, out string resourceId);
+            if (!policyResourceType.Equals(PolicyResourceType.ResourceRegistry))
+            {
+                return true;
+            }
+
+            ServiceResource resource = await _resourceRegistry.GetResourceAsync(resourceId, cancellationToken);
+            if (resource != null && resource.AccessListMode == ResourceAccessListMode.Enabled)
+            {
+                var resourceAttributes = _delegationContextHandler.GetResourceAttributes(decisionRequest);
+
+                Party party = await _registerService.GetParty(int.Parse(resourceAttributes.ResourcePartyValue));
+                if (party?.PartyTypeName != Register.Enums.PartyType.Organisation)
+                {
+                    // Currently only Organization support in AccessLists
+                    return false;
+                }
+
+                resourceAttributes.OrganizationNumber = party.OrgNumber;
+                AccessListAuthorizationRequest accessListAuthorizationRequest = new AccessListAuthorizationRequest
+                {
+                    Subject = PartyUrn.OrganizationIdentifier.Create(OrganizationNumber.CreateUnchecked(resourceAttributes.OrganizationNumber)),
+                    Resource = ResourceIdUrn.ResourceId.Create(Altinn.Authorization.Models.ResourceRegistry.ResourceIdentifier.CreateUnchecked(resourceId)),
+                    Action = ActionUrn.ActionId.Create(ActionIdentifier.CreateUnchecked(_delegationContextHandler.GetActionString(decisionRequest)))
+                };
+                Result<AccessListAuthorizationResponse> result = await _accessListAuthorization.Authorize(accessListAuthorizationRequest, cancellationToken);
+
+                if (result.IsProblem)
+                {
+                    return false;
+                }
+
+                return result.Value.Result == AccessListAuthorizationResult.Authorized;
+            }
+
+            return true;
+        }
+
         private static string CreateCacheKey(params string[] cacheKeys) =>
             string.Join("-", cacheKeys.Where(c => c != null && (c != string.Empty || !c.EndsWith(':'))));
 
diff --git a/src/Authorization/Errors/Problems.cs b/src/Authorization/Errors/Problems.cs
new file mode 100644
index 00000000..aaa4ecd7
--- /dev/null
+++ b/src/Authorization/Errors/Problems.cs
@@ -0,0 +1,21 @@
+#nullable enable
+
+using System.Net;
+using Altinn.Authorization.ProblemDetails;
+
+namespace Altinn.Authorization.Errors;
+
+/// <summary>
+/// Problem descriptors for Authorization
+/// </summary>
+public static class Problems
+{
+    private static readonly ProblemDescriptorFactory _factory
+        = ProblemDescriptorFactory.New("AUTHZ");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/> for not implemented feature.
+    /// </summary>
+    public static ProblemDescriptor NotImplemented { get; }
+        = _factory.Create(0, HttpStatusCode.NotImplemented, "Not implemented.");
+}
diff --git a/src/Authorization/Errors/ValidationErrors.cs b/src/Authorization/Errors/ValidationErrors.cs
new file mode 100644
index 00000000..aa40a17f
--- /dev/null
+++ b/src/Authorization/Errors/ValidationErrors.cs
@@ -0,0 +1,32 @@
+#nullable enable
+
+using Altinn.Authorization.ProblemDetails;
+
+namespace Altinn.Authorization.Errors;
+
+/// <summary>
+/// Validation errors for Authorization
+/// </summary>
+public static class ValidationErrors
+{
+    private static readonly ValidationErrorDescriptorFactory _factory
+        = ValidationErrorDescriptorFactory.New("AUTHZ");
+
+    /// <summary>
+    /// Gets a validation error descriptor for when a provided resource registry identifier is not found as a valid resource.
+    /// </summary>
+    public static ValidationErrorDescriptor ResourceRegistry_ResourceIdentifier_NotFound { get; }
+        = _factory.Create(0, "Unknown resource registry identifier.");
+
+    /// <summary>
+    /// Gets a validation error descriptor for when the authencticated organization number is not authorized as the competent authority owner of a resource registry resource.
+    /// </summary>
+    public static ValidationErrorDescriptor ResourceRegistry_CompetentAuthority_NotMatchingAuthenticatedOrganization { get; }
+        = _factory.Create(1, "Authorized organization is not the competent authority owner of the requested resource.");
+
+    /// <summary>
+    /// Gets a validation error descriptor for when the authencticated organization code is not authorized as the competent authority owner of a resource registry resource.
+    /// </summary>
+    public static ValidationErrorDescriptor ResourceRegistry_CompetentAuthority_NotMatchingAuthenticatedOrgCode { get; }
+        = _factory.Create(2, "Authorized organization code is not the competent authority owner of the requested resource.");
+}
diff --git a/src/Authorization/Extensions/HttpClientExtension.cs b/src/Authorization/Extensions/HttpClientExtension.cs
index 2461a3d6..807b39fd 100644
--- a/src/Authorization/Extensions/HttpClientExtension.cs
+++ b/src/Authorization/Extensions/HttpClientExtension.cs
@@ -14,43 +14,54 @@ public static class HttpClientExtension
         /// Extension that add authorization header to request
         /// </summary>
         /// <param name="httpClient">The HttpClient</param>
-        /// <param name="authorizationToken">the authorization token (jwt)</param>
         /// <param name="requestUri">The request Uri</param>
         /// <param name="content">The http content</param>
+        /// <param name="authorizationToken">the authorization token (jwt)</param>
         /// <param name="platformAccessToken">The platformAccess tokens</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
         /// <returns>A HttpResponseMessage</returns>
-        public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string platformAccessToken = null)
+        public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, string requestUri, HttpContent content, string authorizationToken = null, string platformAccessToken = null, CancellationToken cancellationToken = default)
         {
             HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, new Uri(requestUri, UriKind.Relative));
-            request.Headers.Add("Authorization", "Bearer " + authorizationToken);
             request.Content = content;
 
+            if (!string.IsNullOrEmpty(authorizationToken))
+            {
+                request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+            }
+
             if (!string.IsNullOrEmpty(platformAccessToken))
             {
                 request.Headers.Add("PlatformAccessToken", platformAccessToken);
             }
 
-            return httpClient.SendAsync(request, CancellationToken.None);
+            return httpClient.SendAsync(request, cancellationToken);
         }
 
         /// <summary>
         /// Extension that add authorization header to request
         /// </summary>
         /// <param name="httpClient">The HttpClient</param>
-        /// <param name="authorizationToken">the authorization token (jwt)</param>
         /// <param name="requestUri">The request Uri</param>
+        /// <param name="authorizationToken">the authorization token (jwt)</param>
         /// <param name="platformAccessToken">The platformAccess tokens</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
         /// <returns>A HttpResponseMessage</returns>
-        public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string platformAccessToken = null)
+        public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, string requestUri, string authorizationToken = null, string platformAccessToken = null, CancellationToken cancellationToken = default)
         {
             HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
-            request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+
+            if (!string.IsNullOrEmpty(authorizationToken))
+            {
+                request.Headers.Add("Authorization", "Bearer " + authorizationToken);
+            }
+
             if (!string.IsNullOrEmpty(platformAccessToken))
             {
                 request.Headers.Add("PlatformAccessToken", platformAccessToken);
             }
 
-            return httpClient.SendAsync(request, HttpCompletionOption.ResponseContentRead, CancellationToken.None);
+            return httpClient.SendAsync(request, HttpCompletionOption.ResponseContentRead, cancellationToken);
         }
     }
 }
diff --git a/src/Authorization/Extensions/PlatformAccessTokenDependencyInjectionExtensions.cs b/src/Authorization/Extensions/PlatformAccessTokenDependencyInjectionExtensions.cs
new file mode 100644
index 00000000..a9b9f3fe
--- /dev/null
+++ b/src/Authorization/Extensions/PlatformAccessTokenDependencyInjectionExtensions.cs
@@ -0,0 +1,36 @@
+using Altinn.Authorization.Services;
+using Altinn.Common.AccessTokenClient.Services;
+using Altinn.Platform.Authorization.Configuration;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Altinn.Platform.Authorization.Extensions;
+
+/// <summary>
+/// Extension methods for adding services to the dependency injection container in order to support platform service integrations requiring platform access token.
+/// </summary>
+public static class PlatformAccessTokenDependencyInjectionExtensions
+{
+    /// <summary>
+    /// Registers services to the dependency injection container in order to support platform service integrations requiring platform access token.
+    /// </summary>
+    /// <param name="services">The <see cref="IServiceCollection"/>.</param>
+    /// <param name="config">The <see cref="IConfiguration"/>.</param>
+    /// <param name="isDevelopment">Whether the setup is for local dev environment. Will setup the platform token support using the web based Altinn test token generator.</param>
+    /// <returns><paramref name="services"/> for further chaining.</returns>
+    public static IServiceCollection AddPlatformAccessTokenSupport(
+        this IServiceCollection services, IConfiguration config, bool isDevelopment)
+    {
+        if (isDevelopment)
+        {
+            services.Configure<TokenGeneratorSettings>(config.GetSection("TokenGeneratorSettings"));
+            services.AddSingleton<IAccessTokenGenerator, DevAccessTokenGenerator>();
+        }
+        else
+        {
+            services.AddSingleton<IAccessTokenGenerator, AccessTokenGenerator>();
+        }
+
+        return services;
+    }
+}
\ No newline at end of file
diff --git a/src/Authorization/Helpers/ServiceResourceHelper.cs b/src/Authorization/Helpers/ServiceResourceHelper.cs
new file mode 100644
index 00000000..a66c34ce
--- /dev/null
+++ b/src/Authorization/Helpers/ServiceResourceHelper.cs
@@ -0,0 +1,16 @@
+using System.Text.RegularExpressions;
+
+namespace Altinn.Authorization.Helpers
+{
+    /// <summary>
+    /// ServiceResource helper methods
+    /// </summary>
+    public static partial class ServiceResourceHelper
+    {
+        /// <summary>
+        /// Resource identifier regex.
+        /// </summary>
+        [GeneratedRegex("^[a-z0-9_-]{4,}$")]
+        internal static partial Regex ResourceIdentifierRegex();
+    }
+}
diff --git a/src/Authorization/Models/AccessListAuthorizationRequest.cs b/src/Authorization/Models/AccessListAuthorizationRequest.cs
new file mode 100644
index 00000000..6c975eb9
--- /dev/null
+++ b/src/Authorization/Models/AccessListAuthorizationRequest.cs
@@ -0,0 +1,34 @@
+#nullable enable
+
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json.Serialization;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Urn.Json;
+
+namespace Altinn.Platform.Authorization.Models;
+
+/// <summary>
+/// Contains attribute match info about the reportee party and resource that's to be authorized
+/// </summary>
+public class AccessListAuthorizationRequest
+{
+    /// <summary>
+    /// Gets or sets the attributes identifying the party to be authorized
+    /// </summary>
+    [Required]
+    [JsonRequired]
+    public UrnJsonTypeValue<PartyUrn> Subject { get; set; }
+
+    /// <summary>
+    /// Gets or sets the attributes identifying the resource to authorize the party for
+    /// </summary>
+    [Required]
+    [JsonRequired]
+    public UrnJsonTypeValue<ResourceIdUrn> Resource { get; set; }
+
+    /// <summary>
+    /// Gets or sets an optional action value to authorize
+    /// </summary>
+    public UrnJsonTypeValue<ActionUrn> Action { get; set; }
+}
\ No newline at end of file
diff --git a/src/Authorization/Models/AccessListAuthorizationResponse.cs b/src/Authorization/Models/AccessListAuthorizationResponse.cs
new file mode 100644
index 00000000..120214e6
--- /dev/null
+++ b/src/Authorization/Models/AccessListAuthorizationResponse.cs
@@ -0,0 +1,51 @@
+using System;
+using Altinn.Authorization.Enums;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Urn.Json;
+
+namespace Altinn.Platform.Authorization.Models;
+
+/// <summary>
+/// Contains attribute match info about the reportee party and resource that's to be authorized
+/// </summary>
+public class AccessListAuthorizationResponse
+{
+    /// <summary>
+    /// Creates a new <see cref="AccessListAuthorizationResponse"/> from an <see cref="AccessListAuthorizationRequest"/>.
+    /// </summary>
+    /// <param name="request">The request.</param>
+    /// <returns>The mapped <see cref="AccessListAuthorizationResponse"/>.</returns>
+    public static AccessListAuthorizationResponse From(AccessListAuthorizationRequest request)
+    {
+        request = request ?? throw new ArgumentNullException(nameof(request));
+
+        return new AccessListAuthorizationResponse
+        {
+            Subject = request.Subject,
+            Resource = request.Resource,
+            Action = request.Action,
+            Result = AccessListAuthorizationResult.NotDetermined
+        };
+    }
+
+    /// <summary>
+    /// Gets or sets the attributes identifying the party to be authorized
+    /// </summary>
+    public UrnJsonTypeValue<PartyUrn> Subject { get; set; }
+
+    /// <summary>
+    /// Gets or sets the attributes identifying the resource to authorize the party for
+    /// </summary>
+    public UrnJsonTypeValue<ResourceIdUrn> Resource { get; set; }
+
+    /// <summary>
+    /// Gets or sets an optional action value to authorize
+    /// </summary>
+    public UrnJsonTypeValue<ActionUrn> Action { get; set; }
+
+    /// <summary>
+    /// Gets or sets the result of the access list authorization
+    /// </summary>
+    public AccessListAuthorizationResult Result { get; set; }
+}
\ No newline at end of file
diff --git a/src/Authorization/Models/AccessListAuthorizationResult.cs b/src/Authorization/Models/AccessListAuthorizationResult.cs
new file mode 100644
index 00000000..1e52f289
--- /dev/null
+++ b/src/Authorization/Models/AccessListAuthorizationResult.cs
@@ -0,0 +1,29 @@
+using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Altinn.Authorization.Enums;
+
+/// <summary>
+/// Enum defining the different results of an access list authorization
+/// </summary>
+[JsonConverter(typeof(JsonStringEnumConverter))]
+public enum AccessListAuthorizationResult
+{
+    /// <summary>
+    /// Result is not yet determined
+    /// </summary>
+    [EnumMember(Value = "NotDetermined")]
+    NotDetermined,
+
+    /// <summary>
+    /// Subject is not authorized to access the resource through any access lists
+    /// </summary>
+    [EnumMember(Value = "NotAuthorized")]
+    NotAuthorized,
+
+    /// <summary>
+    /// Subject is authorized to access the resource through one or more access lists
+    /// </summary>
+    [EnumMember(Value = "Authorized")]
+    Authorized
+}
\ No newline at end of file
diff --git a/src/Authorization/Models/ActionIdentifier.cs b/src/Authorization/Models/ActionIdentifier.cs
new file mode 100644
index 00000000..f823fd08
--- /dev/null
+++ b/src/Authorization/Models/ActionIdentifier.cs
@@ -0,0 +1,121 @@
+#nullable enable
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using Altinn.Swashbuckle.Examples;
+
+namespace Altinn.Authorization.Models;
+
+/// <summary>
+/// A xacml action string.
+/// </summary>
+[JsonConverter(typeof(JsonConverter))]
+public class ActionIdentifier
+    : ISpanParsable<ActionIdentifier>,
+    ISpanFormattable,
+    IExampleDataProvider<ActionIdentifier>
+{
+    private readonly string _value;
+
+    private ActionIdentifier(string value)
+    {
+        _value = value;
+    }
+
+    /// <summary>
+    /// Creates a new <see cref="ActionIdentifier"/> from the specified value without validation.
+    /// </summary>
+    /// <param name="value">The action identifier.</param>
+    /// <returns>A <see cref="ActionIdentifier"/>.</returns>
+    public static ActionIdentifier CreateUnchecked(string value)
+        => new(value);
+
+    /// <inheritdoc/>
+    public static IEnumerable<ActionIdentifier>? GetExamples(ExampleDataOptions options)
+    {
+        yield return new ActionIdentifier("read");
+        yield return new ActionIdentifier("write");
+    }
+
+    /// <inheritdoc cref="IParsable{TSelf}.Parse(string, IFormatProvider?)"/>
+    public static ActionIdentifier Parse(string s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static ActionIdentifier Parse(string s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid action");
+
+    /// <inheritdoc cref="ISpanParsable{TSelf}.Parse(ReadOnlySpan{char}, IFormatProvider?)"/>
+    public static ActionIdentifier Parse(ReadOnlySpan<char> s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static ActionIdentifier Parse(ReadOnlySpan<char> s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid action");
+
+    /// <inheritdoc/>
+    public static bool TryParse([NotNullWhen(true)] string? s, IFormatProvider? provider, [MaybeNullWhen(false)] out ActionIdentifier result)
+        => TryParse(s.AsSpan(), s, out result);
+
+    /// <inheritdoc/>
+    public static bool TryParse(ReadOnlySpan<char> s, IFormatProvider? provider, [MaybeNullWhen(false)] out ActionIdentifier result)
+        => TryParse(s, original: null, out result);
+
+    private static bool TryParse(ReadOnlySpan<char> s, string? original, [MaybeNullWhen(false)] out ActionIdentifier result)
+    {
+        result = new ActionIdentifier(original ?? new string(s));
+        return true;
+    }
+
+    /// <inheritdoc/>
+    public override string ToString()
+        => _value;
+
+    /// <inheritdoc cref="IFormattable.ToString(string?, IFormatProvider?)"/>
+    public string ToString(string? format)
+        => _value;
+
+    /// <inheritdoc/>
+    public string ToString(string? format, IFormatProvider? formatProvider)
+        => _value;
+
+    /// <inheritdoc/>
+    public bool TryFormat(Span<char> destination, out int charsWritten, ReadOnlySpan<char> format, IFormatProvider? provider)
+    {
+        if (destination.Length < _value.Length)
+        {
+            charsWritten = 0;
+            return false;
+        }
+
+        _value.AsSpan().CopyTo(destination);
+        charsWritten = _value.Length;
+        return true;
+    }
+
+    private sealed class JsonConverter : JsonConverter<ActionIdentifier>
+    {
+        public override ActionIdentifier? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+        {
+            var str = reader.GetString();
+            if (!TryParse(str, null, out var result))
+            {
+                throw new JsonException("Invalid action");
+            }
+
+            return result;
+        }
+
+        public override void Write(Utf8JsonWriter writer, ActionIdentifier value, JsonSerializerOptions options)
+        {
+            writer.WriteStringValue(value._value);
+        }
+    }
+}
diff --git a/src/Authorization/Models/ActionUrn.cs b/src/Authorization/Models/ActionUrn.cs
new file mode 100644
index 00000000..d8a10caa
--- /dev/null
+++ b/src/Authorization/Models/ActionUrn.cs
@@ -0,0 +1,20 @@
+#nullable enable
+
+using Altinn.Urn;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// A unique reference to an action in the form of an URN.
+/// </summary>
+[KeyValueUrn]
+public abstract partial record ActionUrn
+{
+    /// <summary>
+    /// Try to get the urn as an action.
+    /// </summary>
+    /// <param name="action">The resulting action.</param>
+    /// <returns><see langword="true"/> if this is an action, otherwise <see langword="false"/>.</returns>
+    [UrnKey("oasis:names:tc:xacml:1.0:action:action-id")]
+    public partial bool IsActionId(out ActionIdentifier action);
+}
diff --git a/src/Authorization/Models/Register/OrganizationNumber.cs b/src/Authorization/Models/Register/OrganizationNumber.cs
new file mode 100644
index 00000000..4dbe9e4d
--- /dev/null
+++ b/src/Authorization/Models/Register/OrganizationNumber.cs
@@ -0,0 +1,135 @@
+#nullable enable
+
+using System;
+using System.Buffers;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using Altinn.Swashbuckle.Examples;
+
+namespace Altinn.Authorization.Models.Register;
+
+/// <summary>
+/// A organization number (a string of 9 digits).
+/// </summary>
+[JsonConverter(typeof(JsonConverter))]
+public class OrganizationNumber
+    : ISpanParsable<OrganizationNumber>,
+      ISpanFormattable,
+      IExampleDataProvider<OrganizationNumber>
+{
+    private static readonly SearchValues<char> NUMBERS = SearchValues.Create(['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']);
+    private readonly string _value;
+
+    private OrganizationNumber(string value)
+    {
+        _value = value;
+    }
+
+    /// <summary>
+    /// Creates a new <see cref="OrganizationNumber"/> from the specified value without validation.
+    /// </summary>
+    /// <param name="value">The organization identifier.</param>
+    /// <returns>A <see cref="OrganizationNumber"/>.</returns>
+    public static OrganizationNumber CreateUnchecked(string value)
+        => new(value);
+
+    /// <inheritdoc/>
+    public static IEnumerable<OrganizationNumber>? GetExamples(ExampleDataOptions options)
+    {
+        yield return new OrganizationNumber("123456789");
+        yield return new OrganizationNumber("987654321");
+    }
+
+    /// <inheritdoc cref="IParsable{TSelf}.Parse(string, IFormatProvider?)"/>
+    public static OrganizationNumber Parse(string s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static OrganizationNumber Parse(string s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid organization number");
+
+    /// <inheritdoc cref="ISpanParsable{TSelf}.Parse(ReadOnlySpan{char}, IFormatProvider?)"/>
+    public static OrganizationNumber Parse(ReadOnlySpan<char> s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static OrganizationNumber Parse(ReadOnlySpan<char> s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid organization number");
+
+    /// <inheritdoc/>
+    public static bool TryParse([NotNullWhen(true)] string? s, IFormatProvider? provider, [MaybeNullWhen(false)] out OrganizationNumber result)
+        => TryParse(s.AsSpan(), s, out result);
+
+    /// <inheritdoc/>
+    public static bool TryParse(ReadOnlySpan<char> s, IFormatProvider? provider, [MaybeNullWhen(false)] out OrganizationNumber result)
+        => TryParse(s, original: null, out result);
+
+    private static bool TryParse(ReadOnlySpan<char> s, string? original, [MaybeNullWhen(false)] out OrganizationNumber result)
+    {
+        if (s.Length != 9)
+        {
+            result = null;
+            return false;
+        }
+
+        if (s.ContainsAnyExcept(NUMBERS))
+        {
+            result = null;
+            return false;
+        }
+
+        result = new OrganizationNumber(original ?? new string(s));
+        return true;
+    }
+
+    /// <inheritdoc/>
+    public override string ToString()
+        => _value;
+
+    /// <inheritdoc cref="IFormattable.ToString(string?, IFormatProvider?)"/>
+    public string ToString(string? format)
+        => _value;
+
+    /// <inheritdoc/>
+    public string ToString(string? format, IFormatProvider? formatProvider)
+        => _value;
+
+    /// <inheritdoc/>
+    public bool TryFormat(Span<char> destination, out int charsWritten, ReadOnlySpan<char> format, IFormatProvider? provider)
+    {
+        if (destination.Length < _value.Length)
+        {
+            charsWritten = 0;
+            return false;
+        }
+
+        _value.AsSpan().CopyTo(destination);
+        charsWritten = _value.Length;
+        return true;
+    }
+
+    private sealed class JsonConverter : JsonConverter<OrganizationNumber>
+    {
+        public override OrganizationNumber? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+        {
+            var str = reader.GetString();
+            if (!TryParse(str, null, out var result))
+            {
+                throw new JsonException("Invalid organization number");
+            }
+
+            return result;
+        }
+
+        public override void Write(Utf8JsonWriter writer, OrganizationNumber value, JsonSerializerOptions options)
+        {
+            writer.WriteStringValue(value._value);
+        }
+    }
+}
diff --git a/src/Authorization/Models/Register/PartyIdentifiers.cs b/src/Authorization/Models/Register/PartyIdentifiers.cs
new file mode 100644
index 00000000..4078c7c8
--- /dev/null
+++ b/src/Authorization/Models/Register/PartyIdentifiers.cs
@@ -0,0 +1,31 @@
+#nullable enable
+
+using System;
+
+namespace Altinn.Authorization.Models.Register;
+
+/// <summary>
+/// A set of identifiers for a party.
+/// </summary>
+public record PartyIdentifiers
+{
+    /// <summary>
+    /// The party id.
+    /// </summary>
+    public required int PartyId { get; init; }
+
+    /// <summary>
+    /// The party uuid.
+    /// </summary>
+    public required Guid PartyUuid { get; init; }
+
+    /// <summary>
+    /// The organization number of the party (if applicable).
+    /// </summary>
+    public required string? OrgNumber { get; init; }
+
+    /// <summary>
+    /// The social security number of the party (if applicable and included).
+    /// </summary>
+    public string? SSN { get; init; }
+}
diff --git a/src/Authorization/Models/Register/PartyUrn.cs b/src/Authorization/Models/Register/PartyUrn.cs
new file mode 100644
index 00000000..3eab2243
--- /dev/null
+++ b/src/Authorization/Models/Register/PartyUrn.cs
@@ -0,0 +1,34 @@
+#nullable enable
+
+using System;
+using System.Globalization;
+using Altinn.Urn;
+
+namespace Altinn.Authorization.Models.Register;
+
+/// <summary>
+/// A unique reference to a party in the form of an URN.
+/// </summary>
+[KeyValueUrn]
+public abstract partial record PartyUrn
+{
+    /// <summary>
+    /// Try to get the urn as a party uuid.
+    /// </summary>
+    /// <param name="partyUuid">The resulting party uuid.</param>
+    /// <returns><see langword="true"/> if this party reference is a party uuid, otherwise <see langword="false"/>.</returns>
+    [UrnKey("altinn:party:uuid")]
+    public partial bool IsPartyUuid(out Guid partyUuid);
+
+    /// <summary>
+    /// Try to get the urn as an organization number.
+    /// </summary>
+    /// <param name="organizationNumber">The resulting organization number.</param>
+    /// <returns><see langword="true"/> if this party reference is an organization number, otherwise <see langword="false"/>.</returns>
+    [UrnKey("altinn:organization:identifier-no")]
+    public partial bool IsOrganizationIdentifier(out OrganizationNumber organizationNumber);
+
+    // Manually overridden to disallow negative party ids
+    private static bool TryParsePartyId(ReadOnlySpan<char> segment, IFormatProvider? provider, out int value)
+        => int.TryParse(segment, NumberStyles.None, provider, out value);
+}
diff --git a/src/Authorization/Models/ResourceRegistry/AccessListResourceMembershipWithActionFilterDto.cs b/src/Authorization/Models/ResourceRegistry/AccessListResourceMembershipWithActionFilterDto.cs
new file mode 100644
index 00000000..2c357ca4
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/AccessListResourceMembershipWithActionFilterDto.cs
@@ -0,0 +1,29 @@
+#nullable enable
+
+using System;
+using System.Collections.Generic;
+using System.Text.Json.Serialization;
+using Altinn.Authorization.Models.Register;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Represents a party's membership of a access list connected to a specific resource with an optional set of action filters.
+/// </summary>
+/// <param name="Party">The party UUID.</param>
+/// <param name="Resource">The resource id.</param>
+/// <param name="Since">Since when this party has been a member of the list connected to the party.</param>
+/// <param name="ActionFilters">Optional set of action filters.</param>
+public record AccessListResourceMembershipWithActionFilterDto(
+    PartyUrn.PartyUuid Party,
+    ResourceUrn.ResourceId Resource,
+    DateTimeOffset Since,
+    IReadOnlyCollection<string>? ActionFilters)
+{
+    /// <summary>
+    /// Gets the allowed actions or <see langword="null"/> if all actions are allowed.
+    /// </summary>
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public IReadOnlyCollection<string>? ActionFilters { get; }
+        = ActionFilters is null or { Count: 0 } ? null : ActionFilters;
+}
diff --git a/src/Authorization/Models/ResourceRegistry/AuthorizationReferenceAttribute.cs b/src/Authorization/Models/ResourceRegistry/AuthorizationReferenceAttribute.cs
new file mode 100644
index 00000000..a1f0a745
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/AuthorizationReferenceAttribute.cs
@@ -0,0 +1,17 @@
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// The reference
+/// </summary>
+public class AuthorizationReferenceAttribute
+{
+    /// <summary>
+    /// The key for authorization reference. Used for authorization api related to resource
+    /// </summary>
+    public string Id { get; set; }
+
+    /// <summary>
+    /// The value for authorization reference. Used for authorization api related to resource
+    /// </summary>
+    public string Value { get; set; }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/CompetentAuthority.cs b/src/Authorization/Models/ResourceRegistry/CompetentAuthority.cs
new file mode 100644
index 00000000..657e3611
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/CompetentAuthority.cs
@@ -0,0 +1,24 @@
+using System.Collections.Generic;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Model representation of Competent Authority part of the ServiceResource model
+/// </summary>
+public class CompetentAuthority
+{
+    /// <summary>
+    /// The organization number
+    /// </summary>
+    public string Organization { get; set; }
+
+    /// <summary>
+    /// The organization code
+    /// </summary>
+    public string Orgcode { get; set; }
+
+    /// <summary>
+    /// The organization name. If not set it will be retrived from register based on Organization number
+    /// </summary>
+    public Dictionary<string, string> Name { get; set; }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ContactPoint.cs b/src/Authorization/Models/ResourceRegistry/ContactPoint.cs
new file mode 100644
index 00000000..0ee732b8
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ContactPoint.cs
@@ -0,0 +1,27 @@
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Defines a contact point
+/// </summary>
+public class ContactPoint
+{
+    /// <summary>
+    /// The type of contact point, phone, email ++
+    /// </summary>
+    public string Category { get; set; }
+
+    /// <summary>
+    /// The contact details. The actual phone number, email adress
+    /// </summary>
+    public string Email { get; set; }
+
+    /// <summary>
+    /// Phone details
+    /// </summary>
+    public string Telephone { get; set; }
+
+    /// <summary>
+    /// Contact page
+    /// </summary>
+    public string ContactPage { get; set; }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/Keyword.cs b/src/Authorization/Models/ResourceRegistry/Keyword.cs
new file mode 100644
index 00000000..8dab955e
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/Keyword.cs
@@ -0,0 +1,17 @@
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Model for defining keywords
+/// </summary>
+public class Keyword
+{
+    /// <summary>
+    /// The key word
+    /// </summary>
+    public string Word { get; set; } 
+
+    /// <summary>
+    /// Language of the key word
+    /// </summary>
+    public string Language { get; set; }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ListObject.cs b/src/Authorization/Models/ResourceRegistry/ListObject.cs
new file mode 100644
index 00000000..e9e5174d
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ListObject.cs
@@ -0,0 +1,53 @@
+#nullable enable
+
+using System.Collections.Generic;
+using System.Text.Json.Serialization;
+using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.Annotations;
+using Swashbuckle.AspNetCore.SwaggerGen;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// A list object is a wrapper around a list of items to allow for the API to be
+/// extended in the future without breaking backwards compatibility.
+/// </summary>
+[SwaggerSchemaFilter(typeof(SchemaFilter))]
+public abstract record ListObject
+{
+    /// <summary>
+    /// Creates a new <see cref="ListObject{T}"/> from a list of items.
+    /// </summary>
+    /// <typeparam name="T">The list type.</typeparam>
+    /// <param name="items">The list of items.</param>
+    /// <returns>A <see cref="ListObject{T}"/>.</returns>
+    public static ListObject<T> Create<T>(IEnumerable<T> items)
+        => new(items);
+
+    /// <summary>
+    /// Default schema filter for <see cref="ListObject"/>.
+    /// </summary>
+    protected class SchemaFilter : ISchemaFilter
+    {
+        /// <inheritdoc/>
+        public void Apply(OpenApiSchema schema, SchemaFilterContext context)
+        {
+            foreach (var prop in schema.Properties)
+            {
+                schema.Required.Add(prop.Key);
+            }
+
+            schema.Properties["data"].Nullable = false;
+        }
+    }
+}
+
+/// <summary>
+/// A concrete list object.
+/// </summary>
+/// <typeparam name="T">The item type.</typeparam>
+/// <param name="Items">The items.</param>
+public record ListObject<T>(
+    [property: JsonPropertyName("data")]
+    IEnumerable<T> Items)
+    : ListObject;
diff --git a/src/Authorization/Models/ResourceRegistry/ReferenceSource.cs b/src/Authorization/Models/ResourceRegistry/ReferenceSource.cs
new file mode 100644
index 00000000..ef756c3a
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ReferenceSource.cs
@@ -0,0 +1,24 @@
+using System.Runtime.Serialization;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Enum for the different reference sources for resources in the resource registry
+/// </summary>
+public enum ReferenceSource
+{
+    [EnumMember(Value = "Default")]    
+    Default = 0,
+
+    [EnumMember(Value = "Altinn1")]
+    Altinn1 = 1,
+
+    [EnumMember(Value = "Altinn2")]
+    Altinn2 = 2,
+
+    [EnumMember(Value = "Altinn3")]
+    Altinn3 = 3,
+
+    [EnumMember(Value = "ExternalPlatform")]
+    ExternalPlatform = 4
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ReferenceType.cs b/src/Authorization/Models/ResourceRegistry/ReferenceType.cs
new file mode 100644
index 00000000..93f36cb1
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ReferenceType.cs
@@ -0,0 +1,30 @@
+using System.Runtime.Serialization;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Enum for reference types of resources in the resource registry
+/// </summary>
+public enum ReferenceType
+{
+    [EnumMember(Value = "Default")]
+    Default = 0,
+
+    [EnumMember(Value = "Uri")]
+    Uri = 1,
+    
+    [EnumMember(Value = "DelegationSchemeId")]
+    DelegationSchemeId = 2,
+
+    [EnumMember(Value = "MaskinportenScope")]
+    MaskinportenScope = 3,
+    
+    [EnumMember(Value = "ServiceCode")]
+    ServiceCode = 4,
+
+    [EnumMember(Value = "ServiceEditionCode")]
+    ServiceEditionCode = 5,
+
+    [EnumMember(Value = "ApplicationId")]
+    ApplicationId = 6,
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceAccessListMode.cs b/src/Authorization/Models/ResourceRegistry/ResourceAccessListMode.cs
new file mode 100644
index 00000000..fb4a1d7d
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceAccessListMode.cs
@@ -0,0 +1,11 @@
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Enum representation of the different types of ResourceAccessListModes supported by the resource registry
+/// </summary>
+public enum ResourceAccessListMode
+{
+    Disabled = 0,
+
+    Enabled = 1
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceIdUrn.cs b/src/Authorization/Models/ResourceRegistry/ResourceIdUrn.cs
new file mode 100644
index 00000000..95daa97e
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceIdUrn.cs
@@ -0,0 +1,20 @@
+#nullable enable
+
+using Altinn.Urn;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// A unique reference to a resource in the form of an URN.
+/// </summary>
+[KeyValueUrn]
+public abstract partial record ResourceIdUrn
+{
+    /// <summary>
+    /// Try to get the urn as a resource id.
+    /// </summary>
+    /// <param name="resourceId">The resulting resource id.</param>
+    /// <returns><see langword="true"/> if this resource reference is a resource id, otherwise <see langword="false"/>.</returns>
+    [UrnKey("altinn:resource")]
+    public partial bool IsResourceId(out ResourceIdentifier resourceId);
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceIdentifier.cs b/src/Authorization/Models/ResourceRegistry/ResourceIdentifier.cs
new file mode 100644
index 00000000..ef41e8fa
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceIdentifier.cs
@@ -0,0 +1,130 @@
+#nullable enable
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using Altinn.Authorization.Helpers;
+using Altinn.Swashbuckle.Examples;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// A valid resource identifier.
+/// </summary>
+[JsonConverter(typeof(JsonConverter))]
+[DebuggerDisplay("{_value}")]
+public sealed record ResourceIdentifier
+    : ISpanParsable<ResourceIdentifier>,
+    ISpanFormattable,
+    IExampleDataProvider<ResourceIdentifier>
+{
+    private readonly string _value;
+
+    private ResourceIdentifier(string value)
+    {
+        _value = value;
+    }
+
+    /// <inheritdoc/>
+    public static IEnumerable<ResourceIdentifier>? GetExamples(ExampleDataOptions options)
+    {
+        yield return new ResourceIdentifier("example-resourceid");
+        yield return new ResourceIdentifier("app_skd_flyttemelding");
+    }
+
+    /// <summary>
+    /// Creates a new <see cref="ResourceIdentifier"/> from the specified value without validation.
+    /// </summary>
+    /// <param name="value">The resource identifier.</param>
+    /// <returns>A <see cref="ResourceIdentifier"/>.</returns>
+    public static ResourceIdentifier CreateUnchecked(string value)
+        => new(value);
+
+    /// <inheritdoc cref="IParsable{TSelf}.Parse(string, IFormatProvider?)"/>
+    public static ResourceIdentifier Parse(string s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static ResourceIdentifier Parse(string s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid resource identifier");
+
+    /// <inheritdoc cref="ISpanParsable{TSelf}.Parse(ReadOnlySpan{char}, IFormatProvider?)"/>
+    public static ResourceIdentifier Parse(ReadOnlySpan<char> s)
+        => Parse(s, provider: null);
+
+    /// <inheritdoc/>
+    public static ResourceIdentifier Parse(ReadOnlySpan<char> s, IFormatProvider? provider)
+        => TryParse(s, provider, out var result)
+        ? result
+        : throw new FormatException("Invalid resource identifier");
+
+    /// <inheritdoc/>
+    public static bool TryParse([NotNullWhen(true)] string? s, IFormatProvider? provider, [MaybeNullWhen(false)] out ResourceIdentifier result)
+        => TryParse(s.AsSpan(), s, out result);
+
+    /// <inheritdoc/>
+    public static bool TryParse(ReadOnlySpan<char> s, IFormatProvider? provider, [MaybeNullWhen(false)] out ResourceIdentifier result)
+        => TryParse(s, original: null, out result);
+
+    private static bool TryParse(ReadOnlySpan<char> s, string? original, [MaybeNullWhen(false)] out ResourceIdentifier result)
+    {
+        if (!ServiceResourceHelper.ResourceIdentifierRegex().IsMatch(s))
+        {
+            result = null;
+            return false;
+        }
+
+        result = new ResourceIdentifier(original ?? new string(s));
+        return true;
+    }
+
+    /// <inheritdoc/>
+    public override string ToString()
+        => _value;
+
+    /// <inheritdoc cref="IFormattable.ToString(string?, IFormatProvider?)"/>
+    public string ToString(string? format)
+        => _value;
+
+    /// <inheritdoc/>
+    public string ToString(string? format, IFormatProvider? formatProvider)
+        => _value;
+
+    /// <inheritdoc/>
+    public bool TryFormat(Span<char> destination, out int charsWritten, ReadOnlySpan<char> format, IFormatProvider? provider)
+    {
+        if (destination.Length < _value.Length)
+        {
+            charsWritten = 0;
+            return false;
+        }
+
+        _value.AsSpan().CopyTo(destination);
+        charsWritten = _value.Length;
+        return true;
+    }
+
+    private sealed class JsonConverter : JsonConverter<ResourceIdentifier>
+    {
+        public override ResourceIdentifier? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+        {
+            var str = reader.GetString();
+            if (!TryParse(str, null, out var result))
+            {
+                throw new JsonException("Invalid resource identifier");
+            }
+
+            return result;
+        }
+
+        public override void Write(Utf8JsonWriter writer, ResourceIdentifier value, JsonSerializerOptions options)
+        {
+            writer.WriteStringValue(value._value);
+        }
+    }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourcePartyType.cs b/src/Authorization/Models/ResourceRegistry/ResourcePartyType.cs
new file mode 100644
index 00000000..2e83b277
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourcePartyType.cs
@@ -0,0 +1,26 @@
+using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Defines the type of party that a resource is targeting
+/// </summary>
+[JsonConverter(typeof(JsonStringEnumConverter))]
+public enum ResourcePartyType
+{
+    [EnumMember(Value = "PrivatePerson")]
+    PrivatePerson = 0,
+
+    [EnumMember(Value = "LegalEntityEnterprise")]
+    LegalEntityEnterprise = 1,
+
+    [EnumMember(Value = "Company")]
+    Company = 2,
+
+    [EnumMember(Value = "BankruptcyEstate")]
+    BankruptcyEstate = 3,
+
+    [EnumMember(Value = "SelfRegisteredUser")]
+    SelfRegisteredUser = 4
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceReference.cs b/src/Authorization/Models/ResourceRegistry/ResourceReference.cs
new file mode 100644
index 00000000..5a73bb94
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceReference.cs
@@ -0,0 +1,27 @@
+#nullable enable
+using System.Text.Json.Serialization;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Model representation of the resource reference part of the ServiceResource model
+/// </summary>
+public class ResourceReference
+{
+    /// <summary>
+    /// The source the reference identifier points to
+    /// </summary>
+    [JsonConverter(typeof(JsonStringEnumConverter))]
+    public ReferenceSource? ReferenceSource { get; set; }
+
+    /// <summary>
+    /// The reference identifier
+    /// </summary>
+    public string? Reference { get; set; }
+
+    /// <summary>
+    /// The reference type
+    /// </summary>
+    [JsonConverter(typeof(JsonStringEnumConverter))]
+    public ReferenceType? ReferenceType { get; set; }
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceType.cs b/src/Authorization/Models/ResourceRegistry/ResourceType.cs
new file mode 100644
index 00000000..6dd8b1a0
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceType.cs
@@ -0,0 +1,33 @@
+using NpgsqlTypes;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Enum representation of the different types of resources supported by the resource registry
+/// </summary>
+public enum ResourceType
+{
+    [PgName("default")]
+    Default = 0,
+
+    [PgName("systemresource")]
+    Systemresource = 1 << 0,
+
+    [PgName("maskinportenschema")]
+    MaskinportenSchema = 1 << 1,
+
+    [PgName("altinn2service")]
+    Altinn2Service = 1 << 2,
+
+    [PgName("altinnapp")]
+    AltinnApp = 1 << 3,
+
+    [PgName("genericaccessresource")]
+    GenericAccessResource = 1 << 4,
+
+    [PgName("brokerservice")]
+    BrokerService = 1 << 5,
+
+    [PgName("correspondenceservice")]
+    CorrespondenceService = 1 << 6,
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ResourceUrn.cs b/src/Authorization/Models/ResourceRegistry/ResourceUrn.cs
new file mode 100644
index 00000000..9b191438
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ResourceUrn.cs
@@ -0,0 +1,20 @@
+#nullable enable
+
+using Altinn.Urn;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// A unique reference to a resource in the form of an URN.
+/// </summary>
+[KeyValueUrn]
+public abstract partial record ResourceUrn
+{
+    /// <summary>
+    /// Try to get the urn as a resource id.
+    /// </summary>
+    /// <param name="resourceId">The resulting resource id.</param>
+    /// <returns><see langword="true"/> if this resource reference is a resource id, otherwise <see langword="false"/>.</returns>
+    [UrnKey("altinn:resource")]
+    public partial bool IsResourceId(out ResourceIdentifier resourceId);
+}
diff --git a/src/Authorization/Models/ResourceRegistry/ServiceResource.cs b/src/Authorization/Models/ResourceRegistry/ServiceResource.cs
new file mode 100644
index 00000000..29a5c802
--- /dev/null
+++ b/src/Authorization/Models/ResourceRegistry/ServiceResource.cs
@@ -0,0 +1,144 @@
+#nullable enable
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json.Serialization;
+
+namespace Altinn.Authorization.Models.ResourceRegistry;
+
+/// <summary>
+/// Model describing a complete resource from the resrouce registry
+/// </summary>
+public class ServiceResource
+{
+    /// <summary>
+    /// The identifier of the resource
+    /// </summary>
+    [Required]
+    public string? Identifier { get; set; }
+
+    /// <summary>
+    /// The version of the resource
+    /// </summary>
+    public string? Version { get; set; }
+
+    /// <summary>
+    /// The title of service
+    /// </summary>
+    [Required]
+    public Dictionary<string, string>? Title { get; set; }
+
+    /// <summary>
+    /// Description
+    /// </summary>
+    [Required]
+    public Dictionary<string, string>? Description { get; set; }
+
+    /// <summary>
+    /// Description explaining the rights a recipient will receive if given access to the resource
+    /// </summary>
+    public Dictionary<string, string>? RightDescription { get; set;  }
+
+    /// <summary>
+    /// The homepage
+    /// </summary>
+    public string? Homepage { get; set; }    
+
+    /// <summary>
+    /// The status
+    /// </summary>
+    public string? Status { get; set; }
+
+    /// <summary>
+    /// spatial coverage
+    /// This property represents that area(s) a Public Service is likely to be available only within, typically the area(s) covered by a particular public authority.
+    /// </summary>
+    public List<string>? Spatial { get; set;  }
+
+    /// <summary>
+    /// List of possible contact points
+    /// </summary>
+    [Required]
+    public List<ContactPoint>? ContactPoints { get; set; }
+
+    /// <summary>
+    /// Linkes to the outcome of a public service
+    /// </summary>
+    public List<string>? Produces { get; set;  }
+
+    /// <summary>
+    /// IsPartOf
+    /// </summary>
+    public string? IsPartOf { get; set; }
+
+    /// <summary>
+    /// ThematicAreas
+    /// </summary>
+    public List<string>? ThematicAreas { get; set; }
+
+    /// <summary>
+    /// ResourceReference
+    /// </summary>
+    public List<ResourceReference>? ResourceReferences { get; set;  }
+
+    /// <summary>
+    /// Is this resource possible to delegate to others or not
+    /// </summary>
+    public bool Delegable { get; set; } = true;
+    
+    /// <summary>
+    /// The visibility of the resource
+    /// </summary>
+    public bool Visible { get; set; } = true; 
+
+    /// <summary>
+    /// HasCompetentAuthority
+    /// </summary>
+    [Required]
+    public CompetentAuthority? HasCompetentAuthority { get; set; }
+
+    /// <summary>
+    /// Keywords
+    /// </summary>
+    public List<Keyword>? Keywords { get; set; }
+
+    /// <summary>
+    /// Sets the access list mode for the resource
+    /// </summary>
+    [JsonConverter(typeof(JsonStringEnumConverter))]
+    public ResourceAccessListMode AccessListMode { get; set; }
+
+    /// <summary>
+    /// The user acting on behalf of party can be a selfidentifed users
+    /// </summary>
+    public bool SelfIdentifiedUserEnabled { get; set; }
+
+    /// <summary>
+    /// The user acting on behalf of party can be an enterprise users
+    /// </summary>
+    public bool EnterpriseUserEnabled { get; set; }
+
+    /// <summary>
+    /// ResourceType
+    /// </summary>
+    [JsonConverter(typeof(JsonStringEnumConverter))]
+    public ResourceType ResourceType { get; set; }
+
+    /// <summary>
+    /// Available for type defines which type of entity / person that resource targets
+    /// </summary>
+    public List<ResourcePartyType>? AvailableForType { get; set; }
+
+    /// <summary>
+    /// List of autorizationReference attributes to reference this resource in authorization API
+    /// </summary>
+    public List<AuthorizationReferenceAttribute>? AuthorizationReference { get; set; }
+
+    /// <summary>
+    /// Writes key information when this object is written to Log.
+    /// </summary>
+    /// <returns></returns>
+    public override string ToString()
+    {
+        return $"Identifier: {Identifier}, ResourceType: {ResourceType}";
+    }
+}
diff --git a/src/Authorization/Program.cs b/src/Authorization/Program.cs
index ce1b798e..b83f03a1 100644
--- a/src/Authorization/Program.cs
+++ b/src/Authorization/Program.cs
@@ -1,15 +1,20 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Reflection;
 using System.Threading.Tasks;
 using Altinn.ApiClients.Maskinporten.Extensions;
 using Altinn.ApiClients.Maskinporten.Services;
+using Altinn.Common.AccessToken;
+using Altinn.Common.AccessToken.Configuration;
+using Altinn.Common.AccessToken.Services;
 using Altinn.Common.AccessTokenClient.Services;
 using Altinn.Common.PEP.Authorization;
 using Altinn.Platform.Authorization.Clients;
 using Altinn.Platform.Authorization.Clients.Interfaces;
 using Altinn.Platform.Authorization.Configuration;
 using Altinn.Platform.Authorization.Constants;
+using Altinn.Platform.Authorization.Extensions;
 using Altinn.Platform.Authorization.Filters;
 using Altinn.Platform.Authorization.Health;
 using Altinn.Platform.Authorization.ModelBinding;
@@ -20,8 +25,6 @@
 using Altinn.Platform.Authorization.Services.Interface;
 using Altinn.Platform.Authorization.Services.Interfaces;
 using Altinn.Platform.Telemetry;
-
-using AltinnCore.Authentication.Constants;
 using AltinnCore.Authentication.JwtCookie;
 
 using Azure.Identity;
@@ -46,7 +49,7 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Npgsql;
-
+using Swashbuckle.AspNetCore.Filters;
 using Yuniql.AspNetCore;
 using Yuniql.PostgreSql;
 
@@ -213,12 +216,15 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
     services.AddSingleton<IDelegationChangeEventQueue, DelegationChangeEventQueue>();
     services.AddSingleton<IEventMapperService, EventMapperService>();
     services.AddSingleton<IAccessManagementWrapper, AccessManagementWrapper>();
+    services.AddSingleton<IAccessListAuthorization, AccessListAuthorization>();
+    services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProvider>();
 
     services.Configure<GeneralSettings>(config.GetSection("GeneralSettings"));
     services.Configure<AzureStorageConfiguration>(config.GetSection("AzureStorageConfiguration"));
     services.Configure<AzureCosmosSettings>(config.GetSection("AzureCosmosSettings"));
     services.Configure<PostgreSQLSettings>(config.GetSection("PostgreSQLSettings"));
     services.Configure<PlatformSettings>(config.GetSection("PlatformSettings"));
+    services.Configure<KeyVaultSettings>(config.GetSection("kvSetting"));
     OedAuthzMaskinportenClientSettings oedAuthzMaskinportenClientSettings = config.GetSection("OedAuthzMaskinportenClientSettings").Get<OedAuthzMaskinportenClientSettings>();
     services.Configure<OedAuthzMaskinportenClientSettings>(config.GetSection("OedAuthzMaskinportenClientSettings"));
     services.AddMaskinportenHttpClient<SettingsJwkClientDefinition, OedAuthzMaskinportenClientDefinition>(oedAuthzMaskinportenClientSettings);
@@ -232,7 +238,6 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
     services.AddHttpClient<ResourceRegistryClient>();
     services.AddHttpClient<OedAuthzClient>();
     services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
-    services.AddSingleton<IAccessTokenGenerator, AccessTokenGenerator>();
     services.AddTransient<ISigningCredentialsResolver, SigningCredentialsResolver>();
     services.AddSingleton<IEventsQueueClient, EventsQueueClient>();
     services.AddSingleton<IEventLog, EventLogService>();
@@ -263,12 +268,16 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
     {
         options.AddPolicy(AuthzConstants.POLICY_STUDIO_DESIGNER, policy => policy.Requirements.Add(new ClaimAccessRequirement("urn:altinn:app", "studio.designer")));
         options.AddPolicy(AuthzConstants.ALTINNII_AUTHORIZATION, policy => policy.Requirements.Add(new ClaimAccessRequirement("urn:altinn:app", "sbl.authorization")));
+        options.AddPolicy(AuthzConstants.POLICY_PLATFORMISSUER_ACCESSTOKEN, policy => policy.Requirements.Add(new AccessTokenRequirement(AuthzConstants.PLATFORM_ACCESSTOKEN_ISSUER)));
         options.AddPolicy(AuthzConstants.DELEGATIONEVENT_FUNCTION_AUTHORIZATION, policy => policy.Requirements.Add(new ClaimAccessRequirement("urn:altinn:app", "platform.authorization")));
-        options.AddPolicy(AuthzConstants.AUTHORIZESCOPEACCESS, policy => policy.Requirements.Add(new ScopeAccessRequirement(new string[] { AuthzConstants.PDP_SCOPE, AuthzConstants.AUTHORIZE_SCOPE, AuthzConstants.AUTHORIZE_ADMIN_SCOPE })));
+        options.AddPolicy(AuthzConstants.AUTHORIZESCOPEACCESS, policy => policy.Requirements.Add(new ScopeAccessRequirement([AuthzConstants.AUTHORIZE_SCOPE, AuthzConstants.AUTHORIZE_ADMIN_SCOPE])));
     });
 
     services.AddTransient<IAuthorizationHandler, ClaimAccessHandler>();
     services.AddTransient<IAuthorizationHandler, ScopeAccessHandler>();
+    services.AddSingleton<IAuthorizationHandler, AccessTokenHandler>();
+
+    services.AddPlatformAccessTokenSupport(config, builder.Environment.IsDevelopment());
 
     services.Configure<KestrelServerOptions>(options =>
     {
@@ -298,21 +307,61 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
     });
 
     // Add Swagger support (Swashbuckle)
-    services.AddSwaggerGen(c =>
+    services.AddSwaggerGen(options =>
     {
-        c.SwaggerDoc("v1", new OpenApiInfo { Title = "Altinn Platform Authorization", Version = "v1" });
+        options.SwaggerDoc("v1", new OpenApiInfo { Title = "Altinn Platform Authorization", Version = "v1" });
 
         try
         {
             string filePath = GetXmlCommentsPathForControllers();
-            c.IncludeXmlComments(filePath);
+            options.IncludeXmlComments(filePath);
         }
         catch
         {
             // catch swashbuckle exception if it doesn't find the generated xml documentation file
         }
+
+        options.AddSecurityDefinition("AuthorizeAPI", new OpenApiSecurityScheme
+        {
+            Name = "AuthorizeAPI",
+            Description = $"Requires one of the following Scopes: [{AuthzConstants.AUTHORIZE_SCOPE}, {AuthzConstants.AUTHORIZE_ADMIN_SCOPE}]",
+            Type = SecuritySchemeType.Http,
+            In = ParameterLocation.Header,
+            Scheme = "bearer",
+            BearerFormat = "JWT"
+        });
+        options.AddSecurityDefinition("SubscriptionKey", new OpenApiSecurityScheme
+        {
+            Name = "SubscriptionKey",
+            Description = $"Requires a valid product subscription key as header value: \"Ocp-Apim-Subscription-Key\"",
+            Type = SecuritySchemeType.ApiKey,
+            In = ParameterLocation.Header
+        });
+        options.OperationFilter<SecurityRequirementsOperationFilter>();
+
+        var originalIdSelector = options.SchemaGeneratorOptions.SchemaIdSelector;
+        options.SchemaGeneratorOptions.SchemaIdSelector = (Type t) =>
+        {
+            if (!t.IsNested)
+            {
+                return originalIdSelector(t);
+            }
+
+            var chain = new List<string>();
+            do
+            {
+                chain.Add(originalIdSelector(t));
+                t = t.DeclaringType;
+            }
+            while (t != null);
+
+            chain.Reverse();
+            return string.Join(".", chain);
+        };
     });
 
+    services.AddUrnSwaggerSupport();
+
     services.AddFeatureManagement();
 }
 
diff --git a/src/Authorization/Services/Implementation/AccessListAuthorization.cs b/src/Authorization/Services/Implementation/AccessListAuthorization.cs
new file mode 100644
index 00000000..8983baf2
--- /dev/null
+++ b/src/Authorization/Services/Implementation/AccessListAuthorization.cs
@@ -0,0 +1,49 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using Altinn.Authorization.Enums;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Authorization.ProblemDetails;
+using Altinn.Platform.Authorization.Models;
+using Altinn.Platform.Authorization.Services.Interface;
+
+namespace Altinn.Platform.Authorization.Services.Implementation;
+
+/// <summary>
+/// The service used to map internal delegation change to delegation change events and push them to the event queue.
+/// </summary>
+public class AccessListAuthorization : IAccessListAuthorization
+{
+    private readonly IResourceRegistry _client;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="AccessListAuthorization"/> class.
+    /// </summary>
+    public AccessListAuthorization(IResourceRegistry client)
+    {
+        _client = client;
+    }
+
+    /// <inheritdoc/>
+    public async Task<Result<AccessListAuthorizationResponse>> Authorize(AccessListAuthorizationRequest request, CancellationToken cancellationToken = default)
+    {
+        AccessListAuthorizationResponse response = AccessListAuthorizationResponse.From(request);
+        IEnumerable<AccessListResourceMembershipWithActionFilterDto> memberships = await _client.GetMembershipsForResourceForParty(request.Subject.Value, request.Resource.Value, cancellationToken);
+
+        if (memberships == null || !memberships.Any())
+        {
+            response.Result = AccessListAuthorizationResult.NotAuthorized;
+        }
+        else if (memberships.Any(m => m.ActionFilters == null || m.ActionFilters.Any(actionFilter => actionFilter == request.Action.Value.ValueSpan.ToString())))
+        {
+            response.Result = AccessListAuthorizationResult.Authorized;
+        }
+        else
+        {
+            response.Result = AccessListAuthorizationResult.NotAuthorized;
+        }
+
+        return new(response);
+    }
+}
diff --git a/src/Authorization/Services/Implementation/ContextHandler.cs b/src/Authorization/Services/Implementation/ContextHandler.cs
index 6fa7a1bc..d0fd578d 100644
--- a/src/Authorization/Services/Implementation/ContextHandler.cs
+++ b/src/Authorization/Services/Implementation/ContextHandler.cs
@@ -183,11 +183,11 @@ protected async Task EnrichResourceParty(XacmlContextAttributes requestResourceA
         {
             if (string.IsNullOrEmpty(resourceAttributes.ResourcePartyValue) && !string.IsNullOrEmpty(resourceAttributes.OrganizationNumber))
             {
-                int partyId = await _registerService.PartyLookup(resourceAttributes.OrganizationNumber, null);
-                if (partyId != 0)
+                Party party = await _registerService.PartyLookup(resourceAttributes.OrganizationNumber, null);
+                if (party != null)
                 {
-                    resourceAttributes.ResourcePartyValue = partyId.ToString();
-                    requestResourceAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { partyId }));
+                    resourceAttributes.ResourcePartyValue = party.PartyId.ToString();
+                    requestResourceAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { party.PartyId }));
                 }
             }
             else if (string.IsNullOrEmpty(resourceAttributes.ResourcePartyValue) && !string.IsNullOrEmpty(resourceAttributes.PersonId))
@@ -197,11 +197,11 @@ protected async Task EnrichResourceParty(XacmlContextAttributes requestResourceA
                     throw new ArgumentException("Not allowed to use ssn for internal API");
                 }
 
-                int partyId = await _registerService.PartyLookup(null, resourceAttributes.PersonId);
-                if (partyId != 0)
+                Party party = await _registerService.PartyLookup(null, resourceAttributes.PersonId);
+                if (party != null)
                 {
-                    resourceAttributes.ResourcePartyValue = partyId.ToString();
-                    requestResourceAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { partyId }));
+                    resourceAttributes.ResourcePartyValue = party.PartyId.ToString();
+                    requestResourceAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { party.PartyId }));
                 }
             }
         }
@@ -397,8 +397,8 @@ protected async Task EnrichSubjectAttributes(XacmlContextRequest request, string
 
             if (isExternalRequest && !string.IsNullOrEmpty(subjectOrgnNo))
             {
-                int partyId = await _registerService.PartyLookup(subjectOrgnNo, null);
-                subjectContextAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { partyId }));
+                Party party = await _registerService.PartyLookup(subjectOrgnNo, null);
+                subjectContextAttributes.Attributes.Add(GetPartyIdsAttribute(new List<int> { party.PartyId }));
             }
 
             // No need for further enrichment of roles of no user subject exists
diff --git a/src/Authorization/Services/Implementation/DelegationContextHandler.cs b/src/Authorization/Services/Implementation/DelegationContextHandler.cs
index 747d6777..7f23f6b4 100644
--- a/src/Authorization/Services/Implementation/DelegationContextHandler.cs
+++ b/src/Authorization/Services/Implementation/DelegationContextHandler.cs
@@ -1,9 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
-using Altinn.Authorization.ABAC.Interface;
+using Altinn.Authorization.ABAC.Constants;
 using Altinn.Authorization.ABAC.Xacml;
 using Altinn.Platform.Authorization.Configuration;
 using Altinn.Platform.Authorization.Constants;
@@ -112,6 +113,13 @@ public XacmlResourceAttributes GetResourceAttributes(XacmlContextRequest request
             return GetResourceAttributeValues(resourceContextAttributes);
         }
 
+        /// <inheritdoc/>
+        public string GetActionString(XacmlContextRequest request)
+        {
+            XacmlContextAttributes actionAttributes = request.Attributes.FirstOrDefault(a => a.Category.OriginalString.Equals(XacmlConstants.MatchAttributeCategory.Action));
+            return actionAttributes?.Attributes.FirstOrDefault(a => a.AttributeId.OriginalString.Equals(XacmlConstants.MatchAttributeIdentifiers.ActionId))?.AttributeValues.FirstOrDefault()?.Value;
+        }
+
         /// <summary>
         /// Gets the list of mainunits for a subunit
         /// </summary>
diff --git a/src/Authorization/Services/Implementation/DevAccessTokenGenerator.cs b/src/Authorization/Services/Implementation/DevAccessTokenGenerator.cs
new file mode 100644
index 00000000..299618f0
--- /dev/null
+++ b/src/Authorization/Services/Implementation/DevAccessTokenGenerator.cs
@@ -0,0 +1,47 @@
+using System.Diagnostics.CodeAnalysis;
+using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
+using Altinn.Common.AccessTokenClient.Services;
+using Altinn.Platform.Authorization.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Altinn.Authorization.Services;
+
+/// <summary>
+/// Sets up an access token generator for development environment using the web based Altinn test token generator.
+/// </summary>
+[ExcludeFromCodeCoverage]
+public class DevAccessTokenGenerator : IAccessTokenGenerator
+{
+    private readonly TokenGeneratorSettings _settings;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DevAccessTokenGenerator"/> class.
+    /// </summary>
+    public DevAccessTokenGenerator(IOptions<TokenGeneratorSettings> settings)
+    {
+        _settings = settings.Value;
+    }
+
+    /// <inheritdoc/>
+    public string GenerateAccessToken(string issuer, string app)
+    {
+        return GetToken(app);
+    }
+
+    /// <inheritdoc/>
+    public string GenerateAccessToken(string issuer, string app, X509Certificate2 certificate)
+    {
+        return GetToken(app);
+    }
+
+    private string GetToken(string app)
+    {
+        var request = new HttpRequestMessage(HttpMethod.Get, $"{_settings.Url}?env={_settings.Env}&app={app}");
+        request.Headers.Authorization = new BasicAuthenticationHeaderValue(_settings.User, _settings.Password);
+
+        using HttpClient client = new HttpClient();
+        var response = client.SendAsync(request).Result.EnsureSuccessStatusCode();
+        return response.Content.ReadAsStringAsync().Result;
+    }
+}
diff --git a/src/Authorization/Services/Implementation/RegisterService.cs b/src/Authorization/Services/Implementation/RegisterService.cs
index 2700b90c..4e92e817 100644
--- a/src/Authorization/Services/Implementation/RegisterService.cs
+++ b/src/Authorization/Services/Implementation/RegisterService.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
@@ -12,6 +13,7 @@
 using Altinn.Platform.Register.Models;
 using AltinnCore.Authentication.Utils;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -20,6 +22,7 @@ namespace Altinn.Platform.Authorization.Services
     /// <summary>
     /// Handles register service
     /// </summary>
+    [ExcludeFromCodeCoverage]
     public class RegisterService : IRegisterService
     {
         private readonly HttpClient _client;
@@ -27,6 +30,7 @@ public class RegisterService : IRegisterService
         private readonly GeneralSettings _generalSettings;
         private readonly IAccessTokenGenerator _accessTokenGenerator;
         private readonly ILogger<IRegisterService> _logger;
+        private readonly IMemoryCache _memoryCache;
         private readonly JsonSerializerOptions _serializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
         /// <summary>
@@ -38,7 +42,8 @@ public RegisterService(
             IAccessTokenGenerator accessTokenGenerator,
             IOptions<GeneralSettings> generalSettings,
             IOptions<PlatformSettings> platformSettings,
-            ILogger<IRegisterService> logger)
+            ILogger<IRegisterService> logger,
+            IMemoryCache memoryCache)
         {
             httpClient.BaseAddress = new Uri(platformSettings.Value.ApiRegisterEndpoint);
             httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
@@ -47,58 +52,94 @@ public RegisterService(
             _generalSettings = generalSettings.Value;
             _accessTokenGenerator = accessTokenGenerator;
             _logger = logger;
+            _memoryCache = memoryCache;
         }
 
         /// <inheritdoc/>
         public async Task<Party> GetParty(int partyId)
         {
-            Party party = null;
+            string cacheKey = $"p:{partyId}";
+            if (!_memoryCache.TryGetValue(cacheKey, out Party party))
+            {
+                string endpointUrl = $"parties/{partyId}";
+                string token = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _generalSettings.RuntimeCookieName);
+                string accessToken = _accessTokenGenerator.GenerateAccessToken("platform", "authorization");
 
-            string endpointUrl = $"parties/{partyId}";
-            string token = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _generalSettings.RuntimeCookieName);
-            string accessToken = _accessTokenGenerator.GenerateAccessToken("platform", "authorization");
+                HttpResponseMessage response = await _client.GetAsync(endpointUrl, token, accessToken);
 
-            HttpResponseMessage response = await _client.GetAsync(token, endpointUrl, accessToken);
-            if (response.StatusCode == HttpStatusCode.OK)
-            {
-                string responseContent = await response.Content.ReadAsStringAsync();
-                party = JsonSerializer.Deserialize<Party>(responseContent, _serializerOptions);
-            }
-            else
-            {
-                _logger.LogError("// Getting party with partyID {partyId} failed with statuscode {response.StatusCode}", partyId, response.StatusCode);
+                if (response.StatusCode == HttpStatusCode.OK)
+                {
+                    string responseContent = await response.Content.ReadAsStringAsync();
+                    party = JsonSerializer.Deserialize<Party>(responseContent, _serializerOptions);
+                    PutInCache(cacheKey, 10, party);
+                }
+                else
+                {
+                    _logger.LogError("// Getting party with partyID {partyId} failed with statuscode {response.StatusCode}", partyId, response.StatusCode);
+                }
             }
 
             return party;
         }
 
         /// <inheritdoc/>
-        public async Task<int> PartyLookup(string orgNo, string person)
+        public async Task<Party> PartyLookup(string orgNo, string person)
         {
-            string endpointUrl = "parties/lookup";
-
-            PartyLookup partyLookup = new PartyLookup() { Ssn = person, OrgNo = orgNo };
+            string cacheKey;
+            PartyLookup partyLookup;
 
-            string bearerToken = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _generalSettings.RuntimeCookieName);
-            string accessToken = _accessTokenGenerator.GenerateAccessToken("platform", "authorization");
-
-            StringContent content = new StringContent(JsonSerializer.Serialize(partyLookup));
-            content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json");
-
-            HttpResponseMessage response = await _client.PostAsync(bearerToken, endpointUrl, content, accessToken);
-            if (response.StatusCode == HttpStatusCode.OK)
+            if (!string.IsNullOrWhiteSpace(orgNo))
+            {
+                cacheKey = $"org:{orgNo}";
+                partyLookup = new PartyLookup { OrgNo = orgNo };
+            }
+            else if (!string.IsNullOrWhiteSpace(person))
             {
-                string responseContent = await response.Content.ReadAsStringAsync();
-                Party party = JsonSerializer.Deserialize<Party>(responseContent, _serializerOptions);
-                return party.PartyId;
+                cacheKey = $"fnr:{person}";
+                partyLookup = new PartyLookup { Ssn = person };
             }
             else
             {
-                string reason = await response.Content.ReadAsStringAsync();
-                _logger.LogError("// RegisterService // PartyLookup // Failed to lookup party in platform register. Response {response}. \n Reason {reason}.", response, reason);
+                return null;
+            }
 
-                throw await PlatformHttpException.CreateAsync(response);
+            if (!_memoryCache.TryGetValue(cacheKey, out Party party))
+            {
+                string endpointUrl = "parties/lookup";
+
+                string bearerToken = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _generalSettings.RuntimeCookieName);
+                string accessToken = _accessTokenGenerator.GenerateAccessToken("platform", "authorization");
+
+                StringContent content = new StringContent(JsonSerializer.Serialize(partyLookup));
+                content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json");
+
+                HttpResponseMessage response = await _client.PostAsync(endpointUrl, content, bearerToken, accessToken);
+
+                if (response.StatusCode == HttpStatusCode.OK)
+                {
+                    string responseContent = await response.Content.ReadAsStringAsync();
+                    party = JsonSerializer.Deserialize<Party>(responseContent, _serializerOptions);
+                    PutInCache(cacheKey, 10, party);
+                }
+                else
+                {
+                    string reason = await response.Content.ReadAsStringAsync();
+                    _logger.LogError("// RegisterService // PartyLookup // Failed to lookup party in platform register. Response {response}. \n Reason {reason}.", response, reason);
+
+                    throw await PlatformHttpException.CreateAsync(response);
+                }
             }
+
+            return party;
+        }
+
+        private void PutInCache(string cachekey, int cacheTimeout, object cacheObject)
+        {
+            var cacheEntryOptions = new MemoryCacheEntryOptions()
+               .SetPriority(CacheItemPriority.High)
+               .SetAbsoluteExpiration(new TimeSpan(0, cacheTimeout, 0));
+
+            _memoryCache.Set(cachekey, cacheObject, cacheEntryOptions);
         }
     }
 }
diff --git a/src/Authorization/Services/Implementation/ResourceRegistryWrapper.cs b/src/Authorization/Services/Implementation/ResourceRegistryWrapper.cs
index 1f41ae01..adb451a5 100644
--- a/src/Authorization/Services/Implementation/ResourceRegistryWrapper.cs
+++ b/src/Authorization/Services/Implementation/ResourceRegistryWrapper.cs
@@ -1,12 +1,21 @@
 using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.IO;
+using System.Net;
 using System.Net.Http;
+using System.Net.Http.Json;
+using System.Text.Json;
+using System.Threading;
 using System.Threading.Tasks;
 using Altinn.Authorization.ABAC.Xacml;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
+using Altinn.Common.AccessTokenClient.Services;
 using Altinn.Platform.Authorization.Clients;
 using Altinn.Platform.Authorization.Configuration;
+using Altinn.Platform.Authorization.Extensions;
 using Altinn.Platform.Authorization.Helpers;
-using Altinn.Platform.Authorization.Models;
 using Altinn.Platform.Authorization.Services.Interface;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Options;
@@ -16,53 +25,102 @@ namespace Altinn.Platform.Authorization.Services.Implementation
     /// <summary>
     /// Wrapper for resource registry
     /// </summary>
+    [ExcludeFromCodeCoverage]
     public class ResourceRegistryWrapper : IResourceRegistry
     {
-        private readonly ResourceRegistryClient _client;
+        private readonly ResourceRegistryClient _resourceRegistry;
+        private readonly IAccessTokenGenerator _accessTokenGenerator;
         private readonly IMemoryCache _memoryCache;
         private readonly GeneralSettings _generalSettings;
+        private readonly JsonSerializerOptions _jsonOptions;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ResourceRegistryWrapper"/> class.
         /// </summary>
-        public ResourceRegistryWrapper(ResourceRegistryClient resourceRegistryClient, IMemoryCache memoryCache, IOptions<GeneralSettings> settings)
+        public ResourceRegistryWrapper(ResourceRegistryClient resourceRegistryClient, IAccessTokenGenerator accessTokenGenerator, IMemoryCache memoryCache, IOptions<GeneralSettings> settings)
         {
-            _client = resourceRegistryClient;
+            _resourceRegistry = resourceRegistryClient;
             _generalSettings = settings.Value;
             _memoryCache = memoryCache;
+            _accessTokenGenerator = accessTokenGenerator;
+            _jsonOptions = new JsonSerializerOptions
+            {
+                PropertyNameCaseInsensitive = true,
+                PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+            };
+        }
+
+        /// <inheritdoc/>
+        public async Task<ServiceResource> GetResourceAsync(string resourceId, CancellationToken cancellationToken = default)
+        {
+            string cacheKey = "r:" + resourceId;
+            if (!_memoryCache.TryGetValue(cacheKey, out ServiceResource resource))
+            {
+                string apiurl = $"resource/{resourceId}";
+                HttpResponseMessage response = await _resourceRegistry.Client.GetAsync(apiurl, cancellationToken);
+
+                if (response.StatusCode == HttpStatusCode.OK)
+                {
+                    resource = await response.Content.ReadFromJsonAsync<ServiceResource>(_jsonOptions, cancellationToken);
+                    PutInCache(cacheKey, _generalSettings.PolicyCacheTimeout, resource);
+                }
+            }
+
+            return resource;
         }
 
         /// <inheritdoc/>
-        public async Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId)
+        public async Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId, CancellationToken cancellationToken = default)
         {
             string cacheKey = "resourcepolicy:" + resourceId;
             if (!_memoryCache.TryGetValue(cacheKey, out XacmlPolicy policy))
             {
                 string apiurl = $"resource/{resourceId}/policy";
-                HttpResponseMessage response = await _client.Client.GetAsync(apiurl);
+                HttpResponseMessage response = await _resourceRegistry.Client.GetAsync(apiurl, cancellationToken);
 
-                if (response.StatusCode == System.Net.HttpStatusCode.OK)
+                if (response.StatusCode == HttpStatusCode.OK)
                 {
-                    Stream policyBlob = await response.Content.ReadAsStreamAsync();
+                    Stream policyBlob = await response.Content.ReadAsStreamAsync(cancellationToken);
                     using (policyBlob)
                     {
                         policy = (policyBlob.Length > 0) ? PolicyHelper.ParsePolicy(policyBlob) : null;
                     }
 
-                    PutXacmlPolicyInCache(cacheKey, policy);
+                    PutInCache(cacheKey, _generalSettings.PolicyCacheTimeout, policy);
                 }
             }
 
             return policy;
         }
 
-        private void PutXacmlPolicyInCache(string cachekey, XacmlPolicy policy)
+        /// <inheritdoc/>
+        public async Task<IEnumerable<AccessListResourceMembershipWithActionFilterDto>> GetMembershipsForResourceForParty(PartyUrn partyUrn, ResourceIdUrn resourceIdUrn, CancellationToken cancellationToken = default)
+        {
+            string cacheKey = $"AccListMemb|{partyUrn}|{resourceIdUrn}";
+            if (!_memoryCache.TryGetValue(cacheKey, out IEnumerable<AccessListResourceMembershipWithActionFilterDto> memberships))
+            {
+                string apiurl = $"access-lists/memberships?party={partyUrn}&resource={resourceIdUrn}";
+                string accessToken = _accessTokenGenerator.GenerateAccessToken("platform", "authorization");
+                HttpResponseMessage response = await _resourceRegistry.Client.GetAsync(apiurl, platformAccessToken: accessToken, cancellationToken: cancellationToken);
+
+                if (response.StatusCode == HttpStatusCode.OK)
+                {
+                    ListObject<AccessListResourceMembershipWithActionFilterDto> result = await response.Content.ReadFromJsonAsync<ListObject<AccessListResourceMembershipWithActionFilterDto>>(_jsonOptions, cancellationToken);
+                    memberships = result.Items;
+                    PutInCache(cacheKey, _generalSettings.PolicyCacheTimeout, memberships);
+                }
+            }
+
+            return memberships;
+        }
+
+        private void PutInCache(string cachekey, int cacheTimeout, object cacheObject)
         {
             var cacheEntryOptions = new MemoryCacheEntryOptions()
                .SetPriority(CacheItemPriority.High)
-               .SetAbsoluteExpiration(new TimeSpan(0, _generalSettings.PolicyCacheTimeout, 0));
+               .SetAbsoluteExpiration(new TimeSpan(0, cacheTimeout, 0));
 
-            _memoryCache.Set(cachekey, policy, cacheEntryOptions);
+            _memoryCache.Set(cachekey, cacheObject, cacheEntryOptions);
         }
     }
 }
diff --git a/src/Authorization/Services/Interface/IAccessListAuthorization.cs b/src/Authorization/Services/Interface/IAccessListAuthorization.cs
new file mode 100644
index 00000000..2860c0e0
--- /dev/null
+++ b/src/Authorization/Services/Interface/IAccessListAuthorization.cs
@@ -0,0 +1,20 @@
+using System.Threading;
+using System.Threading.Tasks;
+using Altinn.Authorization.ProblemDetails;
+using Altinn.Platform.Authorization.Models;
+
+namespace Altinn.Platform.Authorization.Services.Interface;
+
+/// <summary>
+/// The service used to map internal delegation change to delegation change events and push them to the event queue.
+/// </summary>
+public interface IAccessListAuthorization
+{
+    /// <summary>
+    /// Authorization of a given party for a resource, through RRR access lists
+    /// </summary>
+    /// <param name="request">Accesslist authorization request model</param>
+    /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
+    /// <returns>Boolean whether the access list authorization check passes or not</returns>
+    public Task<Result<AccessListAuthorizationResponse>> Authorize(AccessListAuthorizationRequest request, CancellationToken cancellationToken = default);
+}
diff --git a/src/Authorization/Services/Interface/IDelegationContextHandler.cs b/src/Authorization/Services/Interface/IDelegationContextHandler.cs
index 31cb63c3..8672b8c5 100644
--- a/src/Authorization/Services/Interface/IDelegationContextHandler.cs
+++ b/src/Authorization/Services/Interface/IDelegationContextHandler.cs
@@ -47,6 +47,13 @@ public interface IDelegationContextHandler : IContextHandler
         /// <returns>XacmlResourceAttributes model</returns>
         public XacmlResourceAttributes GetResourceAttributes(XacmlContextRequest request);
 
+        /// <summary>
+        /// Gets a the Action string from the XacmlContextRequest
+        /// </summary>
+        /// <param name="request">The Xacml Context Request</param>
+        /// <returns>Action attribute string value</returns>
+        public string GetActionString(XacmlContextRequest request);
+
         /// <summary>
         /// Gets the list of mainunits for a subunit
         /// </summary>
diff --git a/src/Authorization/Services/Interface/IRegisterService.cs b/src/Authorization/Services/Interface/IRegisterService.cs
index 3fc09d65..6381ea31 100644
--- a/src/Authorization/Services/Interface/IRegisterService.cs
+++ b/src/Authorization/Services/Interface/IRegisterService.cs
@@ -21,6 +21,6 @@ public interface IRegisterService
         /// <param name="orgNo">organisation number</param>
         /// <param name="person">f or d number</param>
         /// <returns></returns>
-        Task<int> PartyLookup(string orgNo, string person);
+        Task<Party> PartyLookup(string orgNo, string person);
     }
 }
diff --git a/src/Authorization/Services/Interface/IResourceRegistry.cs b/src/Authorization/Services/Interface/IResourceRegistry.cs
index 568ef1b5..b6388d85 100644
--- a/src/Authorization/Services/Interface/IResourceRegistry.cs
+++ b/src/Authorization/Services/Interface/IResourceRegistry.cs
@@ -1,18 +1,39 @@
-using System.Threading.Tasks;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
 using Altinn.Authorization.ABAC.Xacml;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
 
-namespace Altinn.Platform.Authorization.Services.Interface
+namespace Altinn.Platform.Authorization.Services.Interface;
+
+/// <summary>
+/// Interface for resource registry
+/// </summary>
+public interface IResourceRegistry
 {
     /// <summary>
-    /// Interface for resource registry
+    /// Returns the service resource based on the resourceId, if it exists.
+    /// </summary>
+    /// <param name="resourceId">the policyid</param>
+    /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
+    /// <returns>ServiceResource</returns>
+    Task<ServiceResource> GetResourceAsync(string resourceId, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Returns a policy based on the resourceId
+    /// </summary>
+    /// <param name="resourceId">the policyid</param>
+    /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
+    /// <returns>XacmlPolicy</returns>
+    Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Returns all memberships a given party has access to through access lists, for a given resource.
     /// </summary>
-    public interface IResourceRegistry
-    {
-        /// <summary>
-        /// Returns a policy based on the resourceId
-        /// </summary>
-        /// <param name="resourceId">the policyid</param>
-        /// <returns>XacmlPolicy</returns>
-        Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId);
-    }
+    /// <param name="partyUrn">Urn identifying the party</param>
+    /// <param name="resourceIdUrn">Urn identifying the resource</param>
+    /// <param name="cancellationToken">The <see cref="CancellationToken"/></param>
+    /// <returns>List of memberships</returns>
+    Task<IEnumerable<AccessListResourceMembershipWithActionFilterDto>> GetMembershipsForResourceForParty(PartyUrn partyUrn, ResourceIdUrn resourceIdUrn, CancellationToken cancellationToken = default);
 }
diff --git a/src/Authorization/appsettings.Development.json b/src/Authorization/appsettings.Development.json
index e203e940..0bbe6dcb 100644
--- a/src/Authorization/appsettings.Development.json
+++ b/src/Authorization/appsettings.Development.json
@@ -5,5 +5,11 @@
       "System": "Information",
       "Microsoft": "Information"
     }
+  },
+  "TokenGeneratorSettings": {
+    "Url": "https://altinn-testtools-token-generator.azurewebsites.net/api/GetPlatformAccessToken",
+    "User": "",
+    "Password": "",
+    "Env": "at22"
   }
 }
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Delegation_Permit.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Delegation_Permit.bru
new file mode 100644
index 00000000..4cb1db40
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Delegation_Permit.bru	
@@ -0,0 +1,116 @@
+meta {
+  name: AccessList_AC1_Delegation_Permit
+  type: http
+  seq: 2
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "08827798585"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "read",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC1_Delegation_Permit result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Permit");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC1 - Avgiver med Tilgangssliste tilgang uten action filter - Permit
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen ikke har noe action filter begrensning for gitte actions
+  SÅ skal bruker få Permit
+  
+  Scenario/Testdata setup:
+  The user has received delegation of read action for the resource from the party.
+  The party have access list membership for the resource without action filter.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Permit.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Permit.bru
new file mode 100644
index 00000000..e26fb0d4
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC1_Permit.bru	
@@ -0,0 +1,115 @@
+meta {
+  name: AccessList_AC1_Permit
+  type: http
+  seq: 1
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "12819498464"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "write",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC1_Permit result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Permit");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC1 - Avgiver med Tilgangssliste tilgang uten action filter - Permit
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen ikke har noe action filter begrensning for gitte actions
+  SÅ skal bruker få Permit
+  
+  Scenario/Testdata setup:
+  The user is DAGL for the party. The party have access list membership for the resource without action filter.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Delegation_Permit.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Delegation_Permit.bru
new file mode 100644
index 00000000..21706781
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Delegation_Permit.bru	
@@ -0,0 +1,116 @@
+meta {
+  name: AccessList_AC2_Delegation_Permit
+  type: http
+  seq: 4
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "08827798585"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "read",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist_actionfilter"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC2_Delegation_Permit result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Permit");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC2 - Avgiver med Tilgangssliste tilgang med action filter - Permit
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen har action filter begrensning som matcher action brukeren skal autoriseres for
+  SÅ skal bruker få Permit
+  
+  Scenario/Testdata setup:
+  The user has received delegation of read action for the resource from the party.
+  The party has access list membership for the resource with action filter for the action: read.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Permit.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Permit.bru
new file mode 100644
index 00000000..1d454e5e
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC2_Permit.bru	
@@ -0,0 +1,115 @@
+meta {
+  name: AccessList_AC2_Permit
+  type: http
+  seq: 3
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "12819498464"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "read",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist_actionfilter"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC2_Permit result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Permit");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC2 - Avgiver med Tilgangssliste tilgang med action filter - Permit
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen har action filter begrensning som matcher action brukeren skal autoriseres for
+  SÅ skal bruker få Permit
+  
+  Scenario/Testdata setup:
+  The user is DAGL for the party. The party have access list membership for the resource with action filter for the action: read.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Delegation_Deny.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Delegation_Deny.bru
new file mode 100644
index 00000000..603f9f13
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Delegation_Deny.bru	
@@ -0,0 +1,115 @@
+meta {
+  name: AccessList_AC3_Delegation_Deny
+  type: http
+  seq: 6
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "12819498464"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "read",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "310631302",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC3_Delegation_Deny result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Deny");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC3 - Avgiver uten Tilgangssliste tilgang - Deny
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver IKKE er medlem av noen tilgangsliste som er knytt til ressursen
+  SÅ skal bruker få Deny
+  
+  Scenario/Testdata setup:
+  The user has received delegation of read action for the resource from the party.
+  The party does not have access list membership for the resource.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Deny.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Deny.bru
new file mode 100644
index 00000000..dec141f3
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC3_Deny.bru	
@@ -0,0 +1,114 @@
+meta {
+  name: AccessList_AC3_Deny
+  type: http
+  seq: 5
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "08827798585"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "read",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "310631302",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC3_Deny result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Deny");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC3 - Avgiver uten Tilgangssliste tilgang - Deny
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver IKKE er medlem av noen tilgangsliste som er knytt til ressursen
+  SÅ skal bruker få Deny
+  
+  Scenario/Testdata setup:
+  The user is DAGL for the party. The party does not have access list membership for the resource.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Delegation_Deny.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Delegation_Deny.bru
new file mode 100644
index 00000000..8cc0234b
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Delegation_Deny.bru	
@@ -0,0 +1,116 @@
+meta {
+  name: AccessList_AC4_Delegation_Deny
+  type: http
+  seq: 8
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "08827798585"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "write",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist_actionfilter"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC4_Deny result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Deny");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC4 - Avgiver med Tilgangssliste tilgang med action filter - Deny
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen har action filter begrensning som IKKE matcher action brukeren skal autoriseres for
+  SÅ skal bruker få Deny
+  
+  Scenario/Testdata setup:
+  The user has received delegation of both read and write action for the resource from the party.
+  The party have access list membership for the resource with action filter for the action: read.
+}
diff --git a/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Deny.bru b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Deny.bru
new file mode 100644
index 00000000..70aaabc4
--- /dev/null
+++ b/test/Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/AccessList_AC4_Deny.bru	
@@ -0,0 +1,115 @@
+meta {
+  name: AccessList_AC4_Deny
+  type: http
+  seq: 7
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/authorize
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+  /*
+  See Docs tab for test case description
+  */
+  {
+      "Request": {
+          "ReturnPolicyIdList": false,
+          "AccessSubject": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:person:identifier-no",
+                          "Value": "12819498464"
+                      }
+                  ]
+              }
+          ],
+          "Action": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+                          "Value": "write",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ],
+          "Resource": [
+              {
+                  "Attribute": [
+                      {
+                          "AttributeId": "urn:altinn:resource",
+                          "Value": "devtest_gar_bruno_accesslist_actionfilter"
+                      },
+                      {
+                          "AttributeId": "urn:altinn:organization:identifier-no",
+                          "Value": "313776735",
+                          "DataType": "http://www.w3.org/2001/XMLSchema#string"
+                      }
+                  ]
+              }
+          ]
+      }
+  }
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+  const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+  
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.enterprise,
+    auth_scopes: sharedtestdata.auth_scopes.authorize,
+    auth_org: "digdir",
+    auth_orgNo: "991825827"
+  }
+  
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  
+  bru.setVar("bearerToken",  token);
+}
+
+script:post-response {
+  //console.log("request url (after): " + req.getUrl());
+}
+
+tests {
+  
+  test("POST Authorize AccessList_AC4_Deny result", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Deny");
+  });
+}
+
+docs {
+  Issue:
+  https://github.com/Altinn/altinn-access-management/issues/748
+  
+  Acceptance Criteria:
+  AC4 - Avgiver med Tilgangssliste tilgang med action filter - Deny
+  
+  GITT en bruker med tilgang til ressurs for avgiver gjennom rolle eller enkeltdelegering
+  NÅR ressursen krever tilgangsliste autorisasjon
+  OG avgiver er medlem av minst en tilgangsliste som er knytt til ressursen
+  OG tilgangslisten for ressursen har action filter begrensning som IKKE matcher action brukeren skal autoriseres for
+  SÅ skal bruker få Deny
+  
+  Scenario/Testdata setup:
+  The user is DAGL for the party. The party have access list membership for the resource with action filter for the action: read.
+}
diff --git "a/test/Bruno/Altinn.Authorization/Manual Test Collection/AccessList Authorization/\303\230rsta for devtest_gar_rrr_accesslist.bru" "b/test/Bruno/Altinn.Authorization/Manual Test Collection/AccessList Authorization/\303\230rsta for devtest_gar_rrr_accesslist.bru"
new file mode 100644
index 00000000..7e9a209d
--- /dev/null
+++ "b/test/Bruno/Altinn.Authorization/Manual Test Collection/AccessList Authorization/\303\230rsta for devtest_gar_rrr_accesslist.bru"	
@@ -0,0 +1,73 @@
+meta {
+  name: Ørsta for devtest_gar_rrr_accesslist
+  type: http
+  seq: 1
+}
+
+post {
+  url: {{baseUrl}}/authorization/api/v1/accesslist/authorize
+  body: json
+  auth: bearer
+}
+
+headers {
+  Content-Type: application/json
+  Ocp-Apim-Subscription-Key: {{appsAccessKey}}
+}
+
+auth:bearer {
+  token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjM4OTJENDgyRTYyMDI2NzI1MTJBRTBDMkQ5REJBQzBERTRBNEVDMzciLCJ0eXAiOiJKV1QiLCJ4NWMiOiIzODkyRDQ4MkU2MjAyNjcyNTEyQUUwQzJEOURCQUMwREU0QTRFQzM3In0.eyJzY29wZSI6ImFsdGlubjphdXRob3JpemF0aW9uL2F1dGhvcml6ZS5hZG1pbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJleHAiOjE3Mjg4ODEzNzQsImlhdCI6MTcyNTI4MTM3NCwiY2xpZW50X2lkIjoiOTAwMjhjODctNmIxOC00MzllLTg1YWYtOGE0NmFmZGI5MzljIiwianRpIjoiZHNoSDR1R1ZDQ0VZb3RvODBDMTdqd2JtbVZhMnZyVWFPcDg2LXZ6QkRBWCIsImNvbnN1bWVyIjp7ImF1dGhvcml0eSI6ImlzbzY1MjMtYWN0b3JpZC11cGlzIiwiSUQiOiIwMTkyOjk5MTgyNTgyNyJ9LCJ1cm46YWx0aW5uOm9yZ051bWJlciI6Ijk5MTgyNTgyNyIsInVybjphbHRpbm46YXV0aGVudGljYXRlbWV0aG9kIjoibWFza2lucG9ydGVuIiwidXJuOmFsdGlubjphdXRobGV2ZWwiOjMsImlzcyI6Imh0dHBzOi8vcGxhdGZvcm0uYXQyMi5hbHRpbm4uY2xvdWQvYXV0aGVudGljYXRpb24vYXBpL3YxL29wZW5pZC8iLCJhY3R1YWxfaXNzIjoiYWx0aW5uLXRlc3QtdG9vbHMiLCJuYmYiOjE3MjUyODEzNzQsInVybjphbHRpbm46b3JnIjoiZGlnZGlyIn0.N09_m_fwptp6ChwTrMLKVxIEtCcDN-hdhqpyLVpWrxYoTcIcFcjpiHkUV0MyOKu-3TzQCcRDXaiA_Mhhp957EL7cZI5METV7wuFnnzxbwuwv3y6LplIYMvtb-8BWQ6pvxJB_vuGhp9AtCPpVZRS1M1JgwHXC6D16OMlu5rLwN3q_ck8VquD3uob8Toh7IMqrQk_9u0LwwFiPn8zmOKuZblYIL9tfBAnDt_yQPaLOEXBGHCqcZNeJM3P2T-bAoponpFYs6pC4Gbeu6QDpr1ULFXcl2e1Hy14SF5OiHXVi0nDjeQtYXJEabX6sPQbfOuILCwv03EN8GOBZuwCXxlB26w
+}
+
+body:json {
+  {
+    "subject": {
+      "type": "urn:altinn:organization:identifier-no",
+      "value": "910459880"
+    },
+    "resource": {
+      "type": "urn:altinn:resource",
+      "value": "devtest_gar_rrr_accesslist"
+    },
+    "action": {
+      "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+      "value": "whatever"
+    }
+  }
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  auth_scopes: altinn:authorization/authorize
+  auth_org: ttd
+  auth_orgNo: 991825827
+}
+
+assert {
+  ~res.status: eq 200
+  ~res.body: contains created
+}
+
+script:pre-request {
+  //await testTokenGenerator.getToken();
+}
+
+tests {
+  
+  test("3 POST Decision result on read is permit", function() {
+    const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+    const data = res.getBody();  
+    expect(res.status).to.equal(200);
+    expect(data.response[0]).to.have.property('decision', "Permit");
+  });
+}
+
+docs {
+  Get a decision from PDP with appOwner details and validate response to have Permit.
+  
+  AccessSubject: ['urn:altinn:org']
+  
+  Action: ['read']
+  
+  Resource: ['urn:altinn:app', 'urn:altinn:org']
+}
diff --git a/test/Bruno/Altinn.Authorization/environments/PROD.bru b/test/Bruno/Altinn.Authorization/environments/PROD.bru
index b8d10fb6..6ffdb653 100644
--- a/test/Bruno/Altinn.Authorization/environments/PROD.bru
+++ b/test/Bruno/Altinn.Authorization/environments/PROD.bru
@@ -1,3 +1,4 @@
 vars {
-  baseUrl: https://platform.altinn.cloud
+  baseUrl: https://platform.altinn.no
+  apimSubscriptionKey: {{process.env.PROD_APIM_SUBSCRIPTION_KEY}}
 }
diff --git a/test/IntegrationTests/AccessListAuthorizationControllerTest.cs b/test/IntegrationTests/AccessListAuthorizationControllerTest.cs
new file mode 100644
index 00000000..10a3b5b1
--- /dev/null
+++ b/test/IntegrationTests/AccessListAuthorizationControllerTest.cs
@@ -0,0 +1,112 @@
+using System;
+using System.IO;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Altinn.Common.AccessToken.Services;
+using Altinn.Common.Authentication.Configuration;
+using Altinn.Platform.Authorization.Controllers;
+using Altinn.Platform.Authorization.IntegrationTests.MockServices;
+using Altinn.Platform.Authorization.IntegrationTests.Util;
+using Altinn.Platform.Authorization.IntegrationTests.Webfactory;
+using Altinn.Platform.Authorization.Models;
+using Altinn.Platform.Authorization.Services.Interface;
+using Altinn.Platform.Authorization.Services.Interfaces;
+using Altinn.Platform.Events.Tests.Mocks;
+using Altinn.ResourceRegistry.Tests.Mocks;
+using AltinnCore.Authentication.JwtCookie;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace Altinn.Platform.Authorization.IntegrationTests;
+
+public class AccessListAuthorizationControllerTest : IClassFixture<CustomWebApplicationFactory<AccessListAuthorizationController>>
+{
+    private static readonly JsonSerializerOptions _serializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
+    private readonly CustomWebApplicationFactory<AccessListAuthorizationController> _factory;
+
+    public AccessListAuthorizationControllerTest(CustomWebApplicationFactory<AccessListAuthorizationController> fixture)
+    {
+        _factory = fixture;
+    }
+
+    /// <summary>
+    /// Tests the scenario where the request does not have a valid platform access token.
+    /// </summary>
+    [Fact]
+    public async Task AccessList_Authorization_Unauthorized_MissingPlatformAccessToken()
+    {
+        // Act
+        HttpResponseMessage response = await GetTestClient().SendAsync(GetPostRequestMessage("Permit_WithoutActionFilter"));
+
+        // Assert
+        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+    }
+
+    /// <summary>
+    /// Tests the scenario where the subject organization has access to the resource 'ttd-accesslist-resource' through access list membership without any action filter.
+    /// </summary>
+    [Fact]
+    public async Task AccessList_Authorization_Permit_WithoutActionFilter()
+    {
+        string testCase = "Permit_WithoutActionFilter";
+        AccessListAuthorizationResponse expected = GetExpectedResponse("Permit_WithoutActionFilter");
+
+        // Act
+        HttpResponseMessage response = await GetTestClient().SendAsync(GetPostRequestMessage(testCase, PrincipalUtil.GetAccessToken("access-management", "platform")));
+        string responseContent = await response.Content.ReadAsStringAsync();
+
+        // Assert
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+        AccessListAuthorizationResponse actual = JsonSerializer.Deserialize<AccessListAuthorizationResponse>(responseContent, _serializerOptions);
+        AssertionUtil.AssertEqual(expected, actual);
+    }
+
+    private HttpClient GetTestClient()
+    {
+        HttpClient client = _factory.WithWebHostBuilder(builder =>
+        {
+            builder.ConfigureTestServices(services =>
+            {
+                services.AddSingleton<IParties, PartiesMock>();
+                services.AddSingleton<IPostConfigureOptions<JwtCookieOptions>, JwtCookiePostConfigureOptionsStub>();
+                services.AddSingleton<IPostConfigureOptions<OidcProviderSettings>, OidcProviderPostConfigureSettingsStub>();
+                services.AddSingleton<IRegisterService, RegisterServiceMock>();
+                services.AddSingleton<IResourceRegistry, ResourceRegistryMock>();
+                services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
+            });
+        }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
+
+        return client;
+    }
+
+    private static HttpRequestMessage GetPostRequestMessage(string testCase, string platformAccessToken = null)
+    {
+        string requestPath = Path.Combine(Path.GetDirectoryName(new Uri(typeof(AccessListAuthorizationControllerTest).Assembly.Location).LocalPath),  "Data", "Json", "AccessListAuthorization");
+        string requestText = File.ReadAllText(Path.Combine(requestPath, testCase + "_Request.json"));
+
+        HttpRequestMessage message = new HttpRequestMessage(HttpMethod.Post, "authorization/api/v1/accesslist/accessmanagement/authorization")
+        {
+            Content = new StringContent(requestText, Encoding.UTF8, "application/json")
+        };
+
+        if (!string.IsNullOrEmpty(platformAccessToken))
+        {
+            message.Headers.Add("PlatformAccessToken", platformAccessToken);
+        }
+
+        return message;
+    }
+
+    private static AccessListAuthorizationResponse GetExpectedResponse(string testCase)
+    {
+        string requestPath = Path.Combine(Path.GetDirectoryName(new Uri(typeof(AccessListAuthorizationControllerTest).Assembly.Location).LocalPath), "Data", "Json", "AccessListAuthorization");
+        return (AccessListAuthorizationResponse)JsonSerializer.Deserialize(File.ReadAllText(Path.Combine(requestPath, testCase + "_Response.json")), typeof(AccessListAuthorizationResponse), _serializerOptions);
+    }
+}
diff --git a/test/IntegrationTests/Altinn.Platform.Authorization.IntegrationTests.csproj b/test/IntegrationTests/Altinn.Platform.Authorization.IntegrationTests.csproj
index 9f10cc23..8f3e6d04 100644
--- a/test/IntegrationTests/Altinn.Platform.Authorization.IntegrationTests.csproj
+++ b/test/IntegrationTests/Altinn.Platform.Authorization.IntegrationTests.csproj
@@ -48,6 +48,12 @@
     <None Update="appsettings.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Update="platform-org.pem">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Update="platform-org.pfx">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Update="selfSignedTestCertificate.pfx">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -63,213 +69,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <None Remove="Data\blobs\input\error\delegationeventfail\50001337\u20001336\delegationpolicy.xml" />
-    <None Remove="Data\blobs\input\error\delegationeventfail\policy.xml" />
-    <None Remove="Data\blobs\input\org1\app1\50005545\SystemUser47caea5b-a80b-4343-b1d3-31eb523a4e28\delegationpolicy.xml" />
-    <None Remove="Data\blobs\input\skd\taxreport\1000\u20001337\delegationpolicy.xml" />
-    <None Remove="Data\blobs\input\skd\taxreport\50005545\SystemUser47caea5b-a80b-4343-b1d3-31eb523a4e28\delegationpolicy.xml" />
-    <None Remove="Data\blobs\input\ttd-externalpdp-resource1\50005545\SystemUser47caea5b-a80b-4343-b1d3-31eb523a4e28\delegationpolicy.xml" />
-    <None Remove="Data\Json\AddRules\DelegationEventError.json" />
-    <None Remove="Data\Json\DelegationChanges\delegationchanges_replay.json" />
-    <None Remove="Data\Json\GetResourcePolicies\Org2App1Request.json" />
-    <None Remove="Data\Json\GetResourcePolicies\Org2App2Request.json" />
-    <None Remove="Data\Register\500000.json" />
-    <None Remove="Data\Register\500001.json" />
-    <None Remove="Data\Register\500002.json" />
-    <None Remove="Data\Register\500003.json" />
-    <None Remove="Data\Register\500600.json" />
-    <None Remove="Data\Register\500700.json" />
-    <None Remove="Data\Register\500800.json" />
-    <None Remove="Data\Register\500801.json" />
-    <None Remove="Data\Register\500802.json" />
-    <None Remove="Data\Register\501337.json" />
-    <None Remove="Data\Register\510001.json" />
-    <None Remove="Data\Register\510002.json" />
-    <None Remove="Data\Register\510003.json" />
-    <None Remove="Data\Register\512345.json" />
-    <None Remove="Data\Register\Org\897069631.json" />
-    <None Remove="Data\Register\Org\897069650.json" />
-    <None Remove="Data\Register\Org\897069651.json" />
-    <None Remove="Data\Register\Org\897069652.json" />
-    <None Remove="Data\Register\Org\897069653.json" />
-    <None Remove="Data\Register\Org\900000001.json" />
-    <None Remove="Data\Register\Org\910423185.json" />
-    <None Remove="Data\Register\Org\910423495.json" />
-    <None Remove="Data\Register\Org\910457292.json" />
-    <None Remove="Data\Register\Org\910471120.json" />
-    <None Remove="Data\Register\Org\950474084.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps0001DelegationRequest.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps0001DelegationResponse.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps0021Policy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps0024Policy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps0025Policy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Json_PermitPolicy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Json_PermitRequest.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Json_PermitResponse.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Xml_PermitPolicy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Xml_PermitRequest.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_OedFormuesfullmakt_Xml_PermitResponse.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_SystemUserWithDelegation_PermitRequest.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\AltinnApps_SystemUserWithDelegation_PermitResponse.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\error\delegationeventfail\policy.xml" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\eventlog\AltinnApps0001Event.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\eventlog\AltinnApps0004Event.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\eventlog\AltinnApps0007Event.json" />
-    <None Remove="Data\Xacml\3.0\AltinnApps\eventlog\AltinnResourceRegistry0001Event.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0001Request.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0001Response.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0002Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0002Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0003Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0003Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0004Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0004Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0005Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0005Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0006Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0006Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0007Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0007Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0008Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0008Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0009Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0009Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0010Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0010Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0011Request.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0011Response.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\oed-role-formuesfullmakt\policy.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\apidelegation\policy.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_IndeterminateRequest.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_IndeterminateResponse.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_PermitRequest.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_PermitResponse.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_IndeterminateRequest.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_IndeterminateResponse.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_PermitRequest.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_PermitResponse.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\eventlog\AltinnResourceRegistry0004Event.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_PermitRequest.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_PermitResponse.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_TooManyRequestSubjects_IndeterminateRequest.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_TooManyRequestSubjects_IndeterminateResponse.json" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ttd-externalpdp-resource2\policy.xml" />
-    <None Remove="Data\Xacml\3.0\ResourceRegistry\ttd-externalpdp-resource1\policy.xml" />
+    <None Remove="Data\Json\AccessListAuthorization\Permit_WithoutActionFilter_Request.json" />
+    <None Remove="Data\Json\AccessListAuthorization\Permit_WithoutActionFilter_Response.json" />
   </ItemGroup>
-
-  <ItemGroup>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0008Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_TooManyRequestSubjects_IndeterminateRequest.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_PermitRequest.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0011Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0010Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0010Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0009Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0009Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_TooManyRequestSubjects_IndeterminateResponse.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_SystemUserWithDelegation_PermitResponse.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0011Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0008Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0007Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0007Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0006Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0006Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0005Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0005Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\oed-role-formuesfullmakt\policy.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_IndeterminateRequest.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_PermitRequest.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_IndeterminateResponse.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Json_PermitResponse.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_IndeterminateRequest.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_PermitRequest.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0001Request.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_IndeterminateResponse.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\ResourceRegistry_OedFormuesfullmakt_Xml_PermitResponse.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0001Response.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0002Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0002Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0004Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0004Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0003Request.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\AltinnResourceRegistry0003Response.json">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Update="Data\Xacml\3.0\ResourceRegistry\apidelegation\policy.xml">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-  </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="Data\Xacml\3.0\ResourceRegistry\ttd-altinn-events-automated-tests\" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Request.json b/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Request.json
new file mode 100644
index 00000000..366311d1
--- /dev/null
+++ b/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Request.json
@@ -0,0 +1,14 @@
+{
+  "subject": {
+    "type": "urn:altinn:organization:identifier-no",
+    "value": "910459880"
+  },
+  "resource": {
+    "type": "urn:altinn:resource",
+    "value": "ttd-accesslist-resource"
+  },
+  "action": {
+    "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+    "value": "whatever"
+  }
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Response.json b/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Response.json
new file mode 100644
index 00000000..9b340de3
--- /dev/null
+++ b/test/IntegrationTests/Data/Json/AccessListAuthorization/Permit_WithoutActionFilter_Response.json
@@ -0,0 +1,15 @@
+{
+  "subject": {
+    "type": "urn:altinn:organization:identifier-no",
+    "value": "910459880"
+  },
+  "resource": {
+    "type": "urn:altinn:resource",
+    "value": "ttd-accesslist-resource"
+  },
+  "action": {
+    "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+    "value": "whatever"
+  },
+  "result": "Authorized"
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Json/ResourceList/ResourceList.json b/test/IntegrationTests/Data/Json/ResourceList/ResourceList.json
new file mode 100644
index 00000000..dd61d295
--- /dev/null
+++ b/test/IntegrationTests/Data/Json/ResourceList/ResourceList.json
@@ -0,0 +1,137 @@
+[
+  {
+    "identifier": "ttd-externalpdp-resource1",
+    "title": {
+      "en": "External PDP Test Resource1",
+      "nb": "External PDP Test Resource1",
+      "nn": "External PDP Test Resource1"
+    },
+    "description": {
+      "en": "Very nice test resource",
+      "nb": "Veldig fin test ressurs",
+      "nn": "Steikje fine test ressurs"
+    },
+    "rightDescription": {
+      "en": "You'll give access to this nice test resource",
+      "nb": "Du gir tilgang til denne fine test ressursen",
+      "nn": "Du gir tilgong til dinne steikje fine test ressursen"
+    },
+    "homepage": "",
+    "status": "Active",
+    "contactPoints": [],
+    "isPartOf": "",
+    "resourceReferences": [],
+    "delegable": true,
+    "visible": true,
+    "hasCompetentAuthority": {
+      "name": {
+        "en": "Test Ministry",
+        "nb": "Testdepartementet",
+        "nn": "Testdepartementet"
+      },
+      "organization": "991825827",
+      "orgcode": "ttd"
+    },
+    "keywords": [],
+    "AccessListMode": "Disabled",
+    "selfIdentifiedUserEnabled": false,
+    "enterpriseUserEnabled": false,
+    "resourceType": "GenericAccessResource",
+    "authorizationReference": [
+      {
+        "id": "urn:altinn:resource",
+        "value": "ttd-externalpdp-resource1"
+      }
+    ]
+  },
+  {
+    "identifier": "ttd-accesslist-resource",
+    "title": {
+      "en": "PDP Test Resource Requiring AccessList Authorization",
+      "nb": "PDP Test Resource Requiring AccessList Authorization",
+      "nn": "PDP Test Resource Requiring AccessList Authorization"
+    },
+    "description": {
+      "en": "Very nice test resource",
+      "nb": "Veldig fin test ressurs",
+      "nn": "Steikje fine test ressurs"
+    },
+    "rightDescription": {
+      "en": "You'll give access to this nice test resource",
+      "nb": "Du gir tilgang til denne fine test ressursen",
+      "nn": "Du gir tilgong til dinne steikje fine test ressursen"
+    },
+    "homepage": "",
+    "status": "Active",
+    "contactPoints": [],
+    "isPartOf": "",
+    "resourceReferences": [],
+    "delegable": true,
+    "visible": true,
+    "hasCompetentAuthority": {
+      "name": {
+        "en": "Test Ministry",
+        "nb": "Testdepartementet",
+        "nn": "Testdepartementet"
+      },
+      "organization": "991825827",
+      "orgcode": "ttd"
+    },
+    "keywords": [],
+    "AccessListMode": "Enabled",
+    "selfIdentifiedUserEnabled": false,
+    "enterpriseUserEnabled": false,
+    "resourceType": "GenericAccessResource",
+    "authorizationReference": [
+      {
+        "id": "urn:altinn:resource",
+        "value": "ttd-accesslist-resource"
+      }
+    ]
+  },
+  {
+    "identifier": "ttd-accesslist-resource-with-actionfilter",
+    "title": {
+      "en": "PDP Test Resource Requiring AccessList Authorization, AccessLists include action filter",
+      "nb": "PDP Test Resource Requiring AccessList Authorization, AccessLists include action filter",
+      "nn": "PDP Test Resource Requiring AccessList Authorization, AccessLists include action filter"
+    },
+    "description": {
+      "en": "Very nice test resource",
+      "nb": "Veldig fin test ressurs",
+      "nn": "Steikje fine test ressurs"
+    },
+    "rightDescription": {
+      "en": "You'll give access to this nice test resource",
+      "nb": "Du gir tilgang til denne fine test ressursen",
+      "nn": "Du gir tilgong til dinne steikje fine test ressursen"
+    },
+    "homepage": "",
+    "status": "Active",
+    "contactPoints": [],
+    "isPartOf": "",
+    "resourceReferences": [],
+    "delegable": true,
+    "visible": true,
+    "hasCompetentAuthority": {
+      "name": {
+        "en": "Test Ministry",
+        "nb": "Testdepartementet",
+        "nn": "Testdepartementet"
+      },
+      "organization": "991825827",
+      "orgcode": "ttd"
+    },
+    "keywords": [],
+    "AccessListMode": "Enabled",
+    "selfIdentifiedUserEnabled": false,
+    "enterpriseUserEnabled": false,
+    "resourceType": "GenericAccessResource",
+    "authorizationReference": [
+      {
+        "id": "urn:altinn:resource",
+        "value": "ttd-accesslist-resource-with-actionfilter"
+      }
+    ]
+  }
+]
diff --git a/test/IntegrationTests/Data/Register/50005545.json b/test/IntegrationTests/Data/Register/50005545.json
new file mode 100644
index 00000000..53ce3b14
--- /dev/null
+++ b/test/IntegrationTests/Data/Register/50005545.json
@@ -0,0 +1,29 @@
+{
+  "PartyTypeName": 2,
+  "SSN": "",
+  "OrgNumber": "910459880",
+  "Person": null,
+  "Organization": {
+    "OrgNumber": "910459880",
+    "Name": "ØRSTA OG HEGGEDAL REGNSKAP",
+    "UnitType": "AS",
+    "TelephoneNumber": null,
+    "MobileNumber": null,
+    "FaxNumber": null,
+    "EMailAddress": "test@test.test",
+    "InternetAddress": null,
+    "MailingAddress": null,
+    "MailingPostalCode": null,
+    "MailingPostalCity": null,
+    "BusinessAddress": null,
+    "BusinessPostalCode": null,
+    "BusinessPostalCity": null
+  },
+  "PartyId": 50005545,
+  "PartyUuid": "00000000-0000-0000-0005-000000005545",
+  "UnitType": "AS",
+  "Name": "ØRSTA OG HEGGEDAL REGNSKAP",
+  "IsDeleted": false,
+  "OnlyHierarchyElementWithNoAccess": false,
+  "ChildParties": null
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Register/Org/910459880.json b/test/IntegrationTests/Data/Register/Org/910459880.json
new file mode 100644
index 00000000..53ce3b14
--- /dev/null
+++ b/test/IntegrationTests/Data/Register/Org/910459880.json
@@ -0,0 +1,29 @@
+{
+  "PartyTypeName": 2,
+  "SSN": "",
+  "OrgNumber": "910459880",
+  "Person": null,
+  "Organization": {
+    "OrgNumber": "910459880",
+    "Name": "ØRSTA OG HEGGEDAL REGNSKAP",
+    "UnitType": "AS",
+    "TelephoneNumber": null,
+    "MobileNumber": null,
+    "FaxNumber": null,
+    "EMailAddress": "test@test.test",
+    "InternetAddress": null,
+    "MailingAddress": null,
+    "MailingPostalCode": null,
+    "MailingPostalCity": null,
+    "BusinessAddress": null,
+    "BusinessPostalCode": null,
+    "BusinessPostalCity": null
+  },
+  "PartyId": 50005545,
+  "PartyUuid": "00000000-0000-0000-0005-000000005545",
+  "UnitType": "AS",
+  "Name": "ØRSTA OG HEGGEDAL REGNSKAP",
+  "IsDeleted": false,
+  "OnlyHierarchyElementWithNoAccess": false,
+  "ChildParties": null
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Roles/user_20000490/party_50005545/roles.json b/test/IntegrationTests/Data/Roles/user_20000490/party_50005545/roles.json
new file mode 100644
index 00000000..6986aad0
--- /dev/null
+++ b/test/IntegrationTests/Data/Roles/user_20000490/party_50005545/roles.json
@@ -0,0 +1,10 @@
+[
+  {
+    "Type": "altinn",
+    "value": "dagl"
+  },
+  {
+    "Type": "altinn",
+    "value": "apiadm"
+  }
+]
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonRequest.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonRequest.json
new file mode 100644
index 00000000..ae68a794
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonRequest.json
@@ -0,0 +1,40 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:userid",
+            "Value": "1337"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "write",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string"
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-accesslist-resource-with-actionfilter"
+          },
+          {
+            "AttributeId": "urn:altinn:partyid",
+            "Value": "501337"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonResponse.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonResponse.json
new file mode 100644
index 00000000..daf3682e
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPersonResponse.json
@@ -0,0 +1,19 @@
+{
+  "response": [
+    {
+      "decision": "Deny",
+      "status": {
+        "statusMessage": null,
+        "statusDetails": null,
+        "statusCode": {
+          "value": "urn:oasis:names:tc:xacml:1.0:status:ok",
+          "statusCode": null
+        }
+      },
+      "obligations": null,
+      "associateAdvice": null,
+      "category": null,
+      "policyIdentifierList": null
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingRequest.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingRequest.json
new file mode 100644
index 00000000..7de33af7
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingRequest.json
@@ -0,0 +1,40 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:userid",
+            "Value": "20000490"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "write",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string"
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-accesslist-resource-with-actionfilter"
+          },
+          {
+            "AttributeId": "urn:altinn:organization:identifier-no",
+            "Value": "910459880"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingResponse.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingResponse.json
new file mode 100644
index 00000000..daf3682e
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatchingResponse.json
@@ -0,0 +1,19 @@
+{
+  "response": [
+    {
+      "decision": "Deny",
+      "status": {
+        "statusMessage": null,
+        "statusDetails": null,
+        "statusCode": {
+          "value": "urn:oasis:names:tc:xacml:1.0:status:ok",
+          "statusCode": null
+        }
+      },
+      "obligations": null,
+      "associateAdvice": null,
+      "category": null,
+      "policyIdentifierList": null
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyRequest.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyRequest.json
new file mode 100644
index 00000000..de2d33d1
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyRequest.json
@@ -0,0 +1,40 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:userid",
+            "Value": "1337"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "write",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string"
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-accesslist-resource"
+          },
+          {
+            "AttributeId": "urn:altinn:partyid",
+            "Value": "500000"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyResponse.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyResponse.json
new file mode 100644
index 00000000..daf3682e
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_DenyResponse.json
@@ -0,0 +1,19 @@
+{
+  "response": [
+    {
+      "decision": "Deny",
+      "status": {
+        "statusMessage": null,
+        "statusDetails": null,
+        "statusCode": {
+          "value": "urn:oasis:names:tc:xacml:1.0:status:ok",
+          "statusCode": null
+        }
+      },
+      "obligations": null,
+      "associateAdvice": null,
+      "category": null,
+      "policyIdentifierList": null
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitRequest.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitRequest.json
new file mode 100644
index 00000000..ac478238
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitRequest.json
@@ -0,0 +1,40 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:userid",
+            "Value": "20000490"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "read",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string"
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-accesslist-resource"
+          },
+          {
+            "AttributeId": "urn:altinn:partyid",
+            "Value": "50005545"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitResponse.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitResponse.json
new file mode 100644
index 00000000..f6efcc08
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitResponse.json
@@ -0,0 +1,32 @@
+{
+  "response": [
+    {
+      "decision": "Permit",
+      "status": {
+        "statusMessage": null,
+        "statusDetails": null,
+        "statusCode": {
+          "value": "urn:oasis:names:tc:xacml:1.0:status:ok",
+          "statusCode": null
+        }
+      },
+      "obligations": [
+        {
+          "id": "urn:altinn:obligation:1",
+          "attributeAssignment": [
+            {
+              "attributeId": "urn:altinn:obligation-assignment:1",
+              "value": "3",
+              "category": "urn:altinn:minimum-authenticationlevel",
+              "dataType": "http://www.w3.org/2001/XMLSchema#integer",
+              "issuer": null
+            }
+          ]
+        }
+      ],
+      "associateAdvice": null,
+      "category": null,
+      "policyIdentifierList": null
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchRequest.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchRequest.json
new file mode 100644
index 00000000..9d683a72
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchRequest.json
@@ -0,0 +1,40 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:userid",
+            "Value": "20000490"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "read",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string"
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-accesslist-resource-with-actionfilter"
+          },
+          {
+            "AttributeId": "urn:altinn:partyid",
+            "Value": "50005545"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchResponse.json b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchResponse.json
new file mode 100644
index 00000000..f6efcc08
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatchResponse.json
@@ -0,0 +1,32 @@
+{
+  "response": [
+    {
+      "decision": "Permit",
+      "status": {
+        "statusMessage": null,
+        "statusDetails": null,
+        "statusCode": {
+          "value": "urn:oasis:names:tc:xacml:1.0:status:ok",
+          "statusCode": null
+        }
+      },
+      "obligations": [
+        {
+          "id": "urn:altinn:obligation:1",
+          "attributeAssignment": [
+            {
+              "attributeId": "urn:altinn:obligation-assignment:1",
+              "value": "3",
+              "category": "urn:altinn:minimum-authenticationlevel",
+              "dataType": "http://www.w3.org/2001/XMLSchema#integer",
+              "issuer": null
+            }
+          ]
+        }
+      ],
+      "associateAdvice": null,
+      "category": null,
+      "policyIdentifierList": null
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource-with-actionfilter/policy.xml b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource-with-actionfilter/policy.xml
new file mode 100644
index 00000000..ede33bac
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource-with-actionfilter/policy.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xacml:Policy xmlns:xsl="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:altinn:example:policyid:1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
+	<xacml:Target/>
+	<xacml:Rule RuleId="urn:altinn:example:ruleid:1" Effect="Permit">
+		<xacml:Description>A rule giving user with role PRIV or DAGL and the ttd the right to read and write to this AccessList Authorized Resource</xacml:Description>
+		<xacml:Target>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PRIV</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd-accesslist-resource-with-actionfilter</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+		</xacml:Target>
+	</xacml:Rule>
+	<xacml:ObligationExpressions>
+		<xacml:ObligationExpression FulfillOn="Permit" ObligationId="urn:altinn:obligation:1">
+			<xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation-assignment:1" Category="urn:altinn:minimum-authenticationlevel">
+				<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</xacml:AttributeValue>
+			</xacml:AttributeAssignmentExpression>
+		</xacml:ObligationExpression>
+	</xacml:ObligationExpressions>
+</xacml:Policy>
\ No newline at end of file
diff --git a/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource/policy.xml b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource/policy.xml
new file mode 100644
index 00000000..f159c11c
--- /dev/null
+++ b/test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-accesslist-resource/policy.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xacml:Policy xmlns:xsl="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:altinn:example:policyid:1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
+	<xacml:Target/>
+	<xacml:Rule RuleId="urn:altinn:example:ruleid:1" Effect="Permit">
+		<xacml:Description>A rule giving user with role PRIV or DAGL and the ttd the right to read and write to this AccessList Authorized Resource</xacml:Description>
+		<xacml:Target>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PRIV</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd-accesslist-resource</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+		</xacml:Target>
+	</xacml:Rule>
+	<xacml:ObligationExpressions>
+		<xacml:ObligationExpression FulfillOn="Permit" ObligationId="urn:altinn:obligation:1">
+			<xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation-assignment:1" Category="urn:altinn:minimum-authenticationlevel">
+				<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</xacml:AttributeValue>
+			</xacml:AttributeAssignmentExpression>
+		</xacml:ObligationExpression>
+	</xacml:ObligationExpressions>
+</xacml:Policy>
\ No newline at end of file
diff --git a/test/IntegrationTests/DelegationsControllerTest.cs b/test/IntegrationTests/DelegationsControllerTest.cs
index da8609ec..79e8f217 100644
--- a/test/IntegrationTests/DelegationsControllerTest.cs
+++ b/test/IntegrationTests/DelegationsControllerTest.cs
@@ -6,6 +6,7 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
+using Altinn.Common.AccessToken.Services;
 using Altinn.Platform.Authorization.Constants;
 using Altinn.Platform.Authorization.Controllers;
 using Altinn.Platform.Authorization.IntegrationTests.Data;
@@ -1287,6 +1288,7 @@ private HttpClient GetTestClient(DelegationChangeEventQueueMock queueMock = null
                     services.AddSingleton<IPolicyRepository, PolicyRepositoryMock>();
                     services.AddSingleton<IDelegationChangeEventQueue>(queueMock);
                     services.AddSingleton<IPostConfigureOptions<JwtCookieOptions>, JwtCookiePostConfigureOptionsStub>();
+                    services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
                 });
             }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
 
diff --git a/test/IntegrationTests/ExternalDecisionTest.cs b/test/IntegrationTests/ExternalDecisionTest.cs
index df5dadbc..b85e5984 100644
--- a/test/IntegrationTests/ExternalDecisionTest.cs
+++ b/test/IntegrationTests/ExternalDecisionTest.cs
@@ -4,6 +4,7 @@
 using Altinn.Authorization.ABAC.Interface;
 using Altinn.Authorization.ABAC.Xacml;
 using Altinn.Authorization.ABAC.Xacml.JsonProfile;
+using Altinn.Common.AccessToken.Services;
 using Altinn.Common.Authentication.Configuration;
 using Altinn.Platform.Authorization.Controllers;
 using Altinn.Platform.Authorization.IntegrationTests.MockServices;
@@ -36,7 +37,7 @@ public ExternalDecisionTest(CustomWebApplicationFactory<DecisionController> fixt
         [Fact]
         public async Task PDPExternal_Decision_AltinnApps0008()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnApps0008";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -53,7 +54,7 @@ public async Task PDPExternal_Decision_AltinnApps0008()
         [Fact]
         public async Task PDPExternal_Decision_AltinnApps0010()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnApps0010";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -70,7 +71,7 @@ public async Task PDPExternal_Decision_AltinnApps0010()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0005()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0005";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -87,7 +88,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0005()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0006()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
 
             string testCase = "AltinnResourceRegistry0006";
             HttpClient client = GetTestClient();
@@ -106,7 +107,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0006()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0007()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0007";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -123,7 +124,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0007()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0008()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0008";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -143,7 +144,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0008()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0009()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0009";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -163,7 +164,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0009()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0010()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0010";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -183,7 +184,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0010()
         [Fact]
         public async Task PDPExternal_Decision_AltinnResourceRegistry0011()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnResourceRegistry0011";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -203,7 +204,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0011()
         [Fact]
         public async Task PDPExternal_Decision_SystemUserWithResourceDelegation_Permit()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "ResourceRegistry_SystemUserWithDelegation_Permit";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -223,7 +224,7 @@ public async Task PDPExternal_Decision_SystemUserWithResourceDelegation_Permit()
         [Fact]
         public async Task PDPExternal_Decision_SystemUserWithAppDelegation_Permit()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "AltinnApps_SystemUserWithDelegation_Permit";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -243,7 +244,7 @@ public async Task PDPExternal_Decision_SystemUserWithAppDelegation_Permit()
         [Fact]
         public async Task PDPExternal_Decision_SystemUserWithDelegation_TooManyRequestSubjects_Indeterminate()
         {
-            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization:pdp");
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
             string testCase = "ResourceRegistry_SystemUserWithDelegation_TooManyRequestSubjects_Indeterminate";
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
@@ -275,7 +276,9 @@ private HttpClient GetTestClient()
                     services.AddSingleton<IPostConfigureOptions<JwtCookieOptions>, JwtCookiePostConfigureOptionsStub>();
                     services.AddSingleton<IPostConfigureOptions<OidcProviderSettings>, OidcProviderPostConfigureSettingsStub>();
                     services.AddSingleton<IRegisterService, RegisterServiceMock>();
+                    services.AddSingleton<IResourceRegistry, ResourceRegistryMock>();
                     services.AddSingleton<IAccessManagementWrapper, AccessManagementWrapperMock>();
+                    services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
                 });
             }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
 
diff --git a/test/IntegrationTests/MockServices/PublicSigningKeyProviderMock.cs b/test/IntegrationTests/MockServices/PublicSigningKeyProviderMock.cs
new file mode 100644
index 00000000..3e9cee93
--- /dev/null
+++ b/test/IntegrationTests/MockServices/PublicSigningKeyProviderMock.cs
@@ -0,0 +1,25 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+
+using Altinn.Common.AccessToken.Services;
+
+using Microsoft.IdentityModel.Tokens;
+
+namespace Altinn.Platform.Authorization.IntegrationTests.MockServices;
+
+public class PublicSigningKeyProviderMock : IPublicSigningKeyProvider
+{
+    public Task<IEnumerable<SecurityKey>> GetSigningKeys(string issuer)
+    {
+        List<SecurityKey> signingKeys = new List<SecurityKey>();
+
+        X509Certificate2 cert = new X509Certificate2($"{issuer}-org.pem");
+        SecurityKey key = new X509SecurityKey(cert);
+
+        signingKeys.Add(key);
+
+        return Task.FromResult(signingKeys.AsEnumerable());
+    }
+}
diff --git a/test/IntegrationTests/MockServices/RegisterServiceMock.cs b/test/IntegrationTests/MockServices/RegisterServiceMock.cs
index 5bc32f16..033aedcb 100644
--- a/test/IntegrationTests/MockServices/RegisterServiceMock.cs
+++ b/test/IntegrationTests/MockServices/RegisterServiceMock.cs
@@ -7,7 +7,7 @@
 using Altinn.Platform.Authorization.Exceptions;
 using Altinn.Platform.Authorization.Services.Interfaces;
 using Altinn.Platform.Register.Models;
-
+using Microsoft.Extensions.Caching.Memory;
 using Newtonsoft.Json;
 
 namespace Altinn.Platform.Events.Tests.Mocks
@@ -15,6 +15,7 @@ namespace Altinn.Platform.Events.Tests.Mocks
     public class RegisterServiceMock : IRegisterService
     {
         private readonly int _partiesCollection;
+        private IMemoryCache _memoryCache = new MemoryCache(new MemoryCacheOptions());
 
         public RegisterServiceMock(int partiesCollection = 1)
         {
@@ -23,39 +24,72 @@ public RegisterServiceMock(int partiesCollection = 1)
 
         public async Task<Party> GetParty(int partyId)
         {
-            Party party = null;
-            string partyPath = GetPartyPath(partyId);
-            if (File.Exists(partyPath))
+            string cacheKey = $"p:{partyId}";
+            if (!_memoryCache.TryGetValue(cacheKey, out Party party))
             {
-                string content = File.ReadAllText(partyPath);
-                party = JsonConvert.DeserializeObject<Party>(content);
+                string partyPath = GetPartyPath(partyId);
+                if (File.Exists(partyPath))
+                {
+                    string content = File.ReadAllText(partyPath);
+                    party = JsonConvert.DeserializeObject<Party>(content);
+                }
+
+                if (party != null)
+                {
+                    PutInCache(cacheKey, 10, party);
+                }
             }
 
             return await Task.FromResult(party);
         }
 
-        public async Task<int> PartyLookup(string orgNo, string person)
+        public async Task<Party> PartyLookup(string orgNo, string person)
         {
-            string eventsPath = Path.Combine(GetPartiesPath(), $@"{_partiesCollection}.json");
-            int partyId = 0;
+            string cacheKey;
+            PartyLookup partyLookup;
 
-            if (File.Exists(eventsPath))
+            if (!string.IsNullOrWhiteSpace(orgNo))
+            {
+                cacheKey = $"org:{orgNo}";
+                partyLookup = new PartyLookup { OrgNo = orgNo };
+            }
+            else if (!string.IsNullOrWhiteSpace(person))
+            {
+                cacheKey = $"fnr:{person}";
+                partyLookup = new PartyLookup { Ssn = person };
+            }
+            else
             {
-                string content = File.ReadAllText(eventsPath);
-                List<Party> parties = JsonConvert.DeserializeObject<List<Party>>(content);
+                return null;
+            }
+
+            if (!_memoryCache.TryGetValue(cacheKey, out Party party))
+            {
+                string eventsPath = Path.Combine(GetPartiesPath(), $@"{_partiesCollection}.json");
 
-                if (!string.IsNullOrEmpty(orgNo))
+                if (File.Exists(eventsPath))
                 {
-                    partyId = parties.Where(p => p.OrgNumber != null && p.OrgNumber.Equals(orgNo)).Select(p => p.PartyId).FirstOrDefault();
+                    string content = File.ReadAllText(eventsPath);
+                    List<Party> parties = JsonConvert.DeserializeObject<List<Party>>(content);
+
+                    if (!string.IsNullOrEmpty(orgNo))
+                    {
+                        party = parties.Where(p => p.OrgNumber != null && p.OrgNumber.Equals(orgNo)).FirstOrDefault();
+                    }
+                    else
+                    {
+                        party = parties.Where(p => p.SSN != null && p.SSN.Equals(person)).FirstOrDefault();
+                    }
                 }
-                else
+
+                if (party != null)
                 {
-                    partyId = parties.Where(p => p.SSN != null && p.SSN.Equals(person)).Select(p => p.PartyId).FirstOrDefault();
+                    PutInCache(cacheKey, 10, party);
                 }
             }
 
-            return partyId > 0
-                ? partyId
+            return party != null
+                ? await Task.FromResult(party)
                 : throw await PlatformHttpException.CreateAsync(new HttpResponseMessage
                 { Content = new StringContent(string.Empty), StatusCode = System.Net.HttpStatusCode.NotFound });
         }
@@ -71,5 +105,14 @@ private static string GetPartyPath(int partyId)
             string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(RegisterServiceMock).Assembly.Location).LocalPath);
             return Path.Combine(unitTestFolder, "..", "..", "..", "Data", "Register", partyId.ToString() + ".json");
         }
+
+        private void PutInCache(string cachekey, int cacheTimeout, object cacheObject)
+        {
+            var cacheEntryOptions = new MemoryCacheEntryOptions()
+               .SetPriority(CacheItemPriority.High)
+               .SetAbsoluteExpiration(new TimeSpan(0, cacheTimeout, 0));
+
+            _memoryCache.Set(cachekey, cacheObject, cacheEntryOptions);
+        }
     }
 }
diff --git a/test/IntegrationTests/MockServices/ResourceRegistryMock.cs b/test/IntegrationTests/MockServices/ResourceRegistryMock.cs
index c56d3772..f85c1106 100644
--- a/test/IntegrationTests/MockServices/ResourceRegistryMock.cs
+++ b/test/IntegrationTests/MockServices/ResourceRegistryMock.cs
@@ -1,45 +1,149 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
+using System.Linq;
+using System.Text.Json;
+using System.Threading;
 using System.Threading.Tasks;
 using System.Xml;
 using Altinn.Authorization.ABAC.Utils;
 using Altinn.Authorization.ABAC.Xacml;
+using Altinn.Authorization.Models.Register;
+using Altinn.Authorization.Models.ResourceRegistry;
 using Altinn.Platform.Authorization.Services.Interface;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Caching.Memory;
 
-namespace Altinn.Platform.Authorization.IntegrationTests.MockServices
+namespace Altinn.Platform.Authorization.IntegrationTests.MockServices;
+
+public class ResourceRegistryMock : IResourceRegistry
 {
-    public class ResourceRegistryMock : IResourceRegistry
+    private readonly JsonSerializerOptions options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
+    private IMemoryCache _memoryCache = new MemoryCache(new MemoryCacheOptions());
+
+    public Task<ServiceResource> GetResourceAsync(string resourceId, CancellationToken cancellationToken = default)
     {
-        public async Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId)
+        string cacheKey = "r:" + resourceId;
+        if (!_memoryCache.TryGetValue(cacheKey, out ServiceResource resource))
         {
-            if (File.Exists(Path.Combine(GetResourceRegistryPolicyPath(resourceId), "policy.xml")))
+            string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(AltinnApps_DecisionTests).Assembly.Location).LocalPath);
+            string resourceListPath = Path.Combine(unitTestFolder, "Data", "Json", "ResourceList", "ResourceList.json");
+            if (File.Exists(resourceListPath))
+            {
+                string content = File.ReadAllText(resourceListPath);
+                List<ServiceResource> resourceList = JsonSerializer.Deserialize<List<ServiceResource>>(content, options);
+                return Task.FromResult(resourceList.Find(r => r.Identifier.Equals(resourceId)));
+            }
+
+            if (resource != null)
             {
-                return await Task.FromResult(ParsePolicy("policy.xml", GetResourceRegistryPolicyPath(resourceId)));
+                PutInCache(cacheKey, 5, resource);
             }
-           
-            return null;
         }
 
-        private static string GetResourceRegistryPolicyPath(string resourceId)
+        return Task.FromResult(resource);
+    }
+
+    public async Task<XacmlPolicy> GetResourcePolicyAsync(string resourceId, CancellationToken cancellationToken = default)
+    {
+        string cacheKey = "resourcepolicy:" + resourceId;
+        if (!_memoryCache.TryGetValue(cacheKey, out XacmlPolicy policy))
         {
-            string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(AltinnApps_DecisionTests).Assembly.Location).LocalPath);
-            return Path.Combine(unitTestFolder, "..", "..", "..", "Data", "Xacml", "3.0", "ResourceRegistry", resourceId);
+            if (File.Exists(Path.Combine(GetResourceRegistryPolicyPath(resourceId), "policy.xml")))
+            {
+                policy = await Task.FromResult(ParsePolicy("policy.xml", GetResourceRegistryPolicyPath(resourceId)));
+            }
+
+            if (policy != null)
+            {
+                if (File.Exists(Path.Combine(GetResourceRegistryPolicyPath(resourceId), "policy.xml")))
+                {
+                    return await Task.FromResult(ParsePolicy("policy.xml", GetResourceRegistryPolicyPath(resourceId)));
+                }
+
+                PutInCache(cacheKey, 5, policy);
+            }
         }
-        
-        public static XacmlPolicy ParsePolicy(string policyDocumentTitle, string policyPath)
+
+        return policy;
+    }
+
+    public Task<IEnumerable<AccessListResourceMembershipWithActionFilterDto>> GetMembershipsForResourceForParty(PartyUrn partyUrn, ResourceIdUrn resourceIdUrn, CancellationToken cancellationToken = default)
+    {
+        partyUrn.IsPartyUuid(out Guid partyUuid);
+        partyUrn.IsOrganizationIdentifier(out OrganizationNumber partyOrgNum);
+        resourceIdUrn.IsResourceId(out ResourceIdentifier resourceId);
+
+        string cacheKey = $"AccListMemb|{partyUrn}|{resourceIdUrn}";
+        if (!_memoryCache.TryGetValue(cacheKey, out IEnumerable<AccessListResourceMembershipWithActionFilterDto> memberships))
         {
-            XmlDocument policyDocument = new XmlDocument();
+            if (partyOrgNum.ToString() == "910459880" && resourceId.ToString() == "ttd-accesslist-resource")
+            {
+                memberships = JsonSerializer.Deserialize<IEnumerable<AccessListResourceMembershipWithActionFilterDto>>(
+                """
+                [
+                  {
+                    "party": "urn:altinn:party:uuid:00000000-0000-0000-0005-000000005545",
+                    "resource": "urn:altinn:resource:ttd-accesslist-resource",
+                    "since": "2024-08-27T15:15:55.446051+00:00"
+                  }
+                ]
+                """,
+                options);
+            }
+            else if (partyOrgNum.ToString() == "910459880" && resourceId.ToString() == "ttd-accesslist-resource-with-actionfilter")
+            {
+                memberships = JsonSerializer.Deserialize<IEnumerable<AccessListResourceMembershipWithActionFilterDto>>(
+                """
+                [
+                  {
+                    "party": "urn:altinn:party:uuid:00000000-0000-0000-0005-000000005545",
+                    "resource": "urn:altinn:resource:ttd-accesslist-resource",
+                    "since": "2024-08-27T15:15:55.446051+00:00",
+                    "actionFilters": [
+                      "read"
+                    ]
+                  }
+                ]
+            """,
+                options);
+            }
 
-            policyDocument.Load(Path.Combine(policyPath, policyDocumentTitle));
-            XacmlPolicy policy;
-            using (XmlReader reader = XmlReader.Create(new StringReader(policyDocument.OuterXml)))
+            if (memberships != null)
             {
-                policy = XacmlParser.ParseXacmlPolicy(reader);
+                PutInCache(cacheKey, 5, memberships);
+                return Task.FromResult(memberships);
             }
+        }
+
+        return Task.FromResult(Enumerable.Empty<AccessListResourceMembershipWithActionFilterDto>());
+    }
 
-            return policy;
+    private static string GetResourceRegistryPolicyPath(string resourceId)
+    {
+        string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(AltinnApps_DecisionTests).Assembly.Location).LocalPath);
+        return Path.Combine(unitTestFolder, "..", "..", "..", "Data", "Xacml", "3.0", "ResourceRegistry", resourceId);
+    }
+    
+    public static XacmlPolicy ParsePolicy(string policyDocumentTitle, string policyPath)
+    {
+        XmlDocument policyDocument = new XmlDocument();
+
+        policyDocument.Load(Path.Combine(policyPath, policyDocumentTitle));
+        XacmlPolicy policy;
+        using (XmlReader reader = XmlReader.Create(new StringReader(policyDocument.OuterXml)))
+        {
+            policy = XacmlParser.ParseXacmlPolicy(reader);
         }
+
+        return policy;
+    }
+
+    private void PutInCache(string cachekey, int cacheTimeout, object cacheObject)
+    {
+        var cacheEntryOptions = new MemoryCacheEntryOptions()
+           .SetPriority(CacheItemPriority.High)
+           .SetAbsoluteExpiration(new TimeSpan(0, cacheTimeout, 0));
+
+        _memoryCache.Set(cachekey, cacheObject, cacheEntryOptions);
     }
 }
diff --git a/test/IntegrationTests/PartiesControllerTest.cs b/test/IntegrationTests/PartiesControllerTest.cs
index 93691325..cac8eebc 100644
--- a/test/IntegrationTests/PartiesControllerTest.cs
+++ b/test/IntegrationTests/PartiesControllerTest.cs
@@ -2,6 +2,7 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
+using Altinn.Common.AccessToken.Services;
 using Altinn.Platform.Authorization.Controllers;
 using Altinn.Platform.Authorization.IntegrationTests.MockServices;
 using Altinn.Platform.Authorization.IntegrationTests.Util;
@@ -61,6 +62,7 @@ private HttpClient GetTestClient()
                     services.AddSingleton<IPolicyRepository, PolicyRepositoryMock>();
                     services.AddSingleton<IDelegationChangeEventQueue, DelegationChangeEventQueueMock>();
                     services.AddSingleton<IPostConfigureOptions<JwtCookieOptions>, JwtCookiePostConfigureOptionsStub>();
+                    services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
                 });
             }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
 
diff --git a/test/IntegrationTests/PolicyControllerTest.cs b/test/IntegrationTests/PolicyControllerTest.cs
index 1c8bcaf6..663d6df3 100644
--- a/test/IntegrationTests/PolicyControllerTest.cs
+++ b/test/IntegrationTests/PolicyControllerTest.cs
@@ -6,6 +6,7 @@
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
 using Altinn.Authorization.ABAC.Constants;
+using Altinn.Common.AccessToken.Services;
 using Altinn.Platform.Authorization.Constants;
 using Altinn.Platform.Authorization.Controllers;
 using Altinn.Platform.Authorization.IntegrationTests.Data;
@@ -492,6 +493,7 @@ private HttpClient GetTestClient()
                     services.AddSingleton<IPolicyRepository, PolicyRepositoryMock>();
                     services.AddSingleton<IDelegationChangeEventQueue, DelegationChangeEventQueueMock>();
                     services.AddSingleton<IPostConfigureOptions<JwtCookieOptions>, JwtCookiePostConfigureOptionsStub>();
+                    services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
                 });
             }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
 
diff --git a/test/IntegrationTests/ResourceRegistry_DecisionTests.cs b/test/IntegrationTests/ResourceRegistry_DecisionTests.cs
index fe3757d7..f5a0c9ce 100644
--- a/test/IntegrationTests/ResourceRegistry_DecisionTests.cs
+++ b/test/IntegrationTests/ResourceRegistry_DecisionTests.cs
@@ -99,6 +99,96 @@ public async Task PDP_Decision_ResourceRegistry_OedFormuesfullmakt_Json_Indeterm
             AssertionUtil.AssertEqual(expected, contextResponse);
         }
 
+        /// <summary>
+        /// Tests the scenario where the reportee organization has access to 'ttd-accesslist-resource' through access list membership without any action filter.
+        /// </summary>
+        [Fact]
+        public async Task PDP_Decision_ResourceRegistry_AccessListAuthorization_Json_Permit()
+        {
+            string testCase = "ResourceRegistry_AccessListAuthorization_Json_Permit";
+            HttpClient client = GetTestClient();
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateJsonProfileXacmlRequest(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
+        /// <summary>
+        /// Tests the scenario where the reportee organization does NOT have access to 'ttd-accesslist-resource' through any access list membership.
+        /// </summary>
+        [Fact]
+        public async Task PDP_Decision_ResourceRegistry_AccessListAuthorization_Json_Deny()
+        {
+            string testCase = "ResourceRegistry_AccessListAuthorization_Json_Deny";
+            HttpClient client = GetTestClient();
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateJsonProfileXacmlRequest(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
+        /// <summary>
+        /// Tests the scenario where the reportee organization has access to 'ttd-accesslist-resource' through access list membership with matching action filter.
+        /// </summary>
+        [Fact]
+        public async Task PDP_Decision_ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatch()
+        {
+            string testCase = "ResourceRegistry_AccessListAuthorization_Json_PermitWithActionFilterMatch";
+            HttpClient client = GetTestClient();
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateJsonProfileXacmlRequest(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
+        /// <summary>
+        /// Tests the scenario where the reportee organization has access to 'ttd-accesslist-resource' through access list membership but with action filter not matching the request action.
+        /// </summary>
+        [Fact]
+        public async Task PDP_Decision_ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatching()
+        {
+            string testCase = "ResourceRegistry_AccessListAuthorization_Json_DenyActionFilterNotMatching";
+            HttpClient client = GetTestClient();
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateJsonProfileXacmlRequest(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
+        /// <summary>
+        /// Tests the scenario where the reportee is a person. Currently the access list authorization service only supports organizations.
+        /// </summary>
+        [Fact]
+        public async Task PDP_Decision_ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPerson()
+        {
+            string testCase = "ResourceRegistry_AccessListAuthorization_Json_DenyAccessListDontSupportPerson";
+            HttpClient client = GetTestClient();
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateJsonProfileXacmlRequest(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
         [Fact]
         public async Task PDP_Decision_ResourceRegistry0001()
         {
diff --git a/test/IntegrationTests/Util/AssertionUtil.cs b/test/IntegrationTests/Util/AssertionUtil.cs
index 993d6fcb..1f7803cf 100644
--- a/test/IntegrationTests/Util/AssertionUtil.cs
+++ b/test/IntegrationTests/Util/AssertionUtil.cs
@@ -286,6 +286,22 @@ public static void AssertAuthorizationEvent(Mock<IEventsQueueClient> eventQueue,
                 numberOfTimes);
         }
 
+        /// <summary>
+        /// Assert that two <see cref="AccessListAuthorizationResponse"/> have the same property values.
+        /// </summary>
+        /// <param name="expected">An instance with the expected values.</param>
+        /// <param name="actual">The instance to verify.</param>
+        public static void AssertEqual(AccessListAuthorizationResponse expected, AccessListAuthorizationResponse actual)
+        {
+            Assert.NotNull(actual);
+            Assert.NotNull(expected);
+
+            Assert.Equal(expected.Result, actual.Result);
+            Assert.Equal(expected.Subject.ToString(), actual.Subject.ToString());
+            Assert.Equal(expected.Resource.ToString(), actual.Resource.ToString());
+            Assert.Equal(expected.Action.ToString(), actual.Action.ToString());
+        }
+
         private static void AssertEqual(List<AttributeMatch> expected, List<AttributeMatch> actual)
         {
             if (expected == null)
diff --git a/test/IntegrationTests/Util/JwtTokenMock.cs b/test/IntegrationTests/Util/JwtTokenMock.cs
index 3652b2c0..8edb1e8a 100644
--- a/test/IntegrationTests/Util/JwtTokenMock.cs
+++ b/test/IntegrationTests/Util/JwtTokenMock.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IdentityModel.Tokens.Jwt;
+using System.IO;
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 
@@ -26,7 +27,7 @@ public static string GenerateToken(ClaimsPrincipal principal, TimeSpan tokenExpi
             {
                 Subject = new ClaimsIdentity(principal.Identity),
                 Expires = DateTime.UtcNow.AddSeconds(tokenExpiry.TotalSeconds),
-                SigningCredentials = GetSigningCredentials(),
+                SigningCredentials = GetSigningCredentials(issuer),
                 Audience = "altinn.no",
                 Issuer = issuer
             };
@@ -37,8 +38,17 @@ public static string GenerateToken(ClaimsPrincipal principal, TimeSpan tokenExpi
             return serializedToken;
         }
 
-        private static SigningCredentials GetSigningCredentials()
+        private static SigningCredentials GetSigningCredentials(string issuer)
         {
+            string certPath = "selfSignedTestCertificate.pfx";
+            if (!issuer.Equals("UnitTest") && File.Exists($"{issuer}-org.pfx"))
+            {
+                certPath = $"{issuer}-org.pfx";
+
+                X509Certificate2 certIssuer = new X509Certificate2(certPath);
+                return new X509SigningCredentials(certIssuer, SecurityAlgorithms.RsaSha256);
+            }
+
             X509Certificate2 cert = new X509Certificate2("selfSignedTestCertificate.pfx", "qwer1234");
             return new X509SigningCredentials(cert, SecurityAlgorithms.RsaSha256);
         }
diff --git a/test/IntegrationTests/Util/PrincipalUtil.cs b/test/IntegrationTests/Util/PrincipalUtil.cs
index c76f4dd1..f07321b4 100644
--- a/test/IntegrationTests/Util/PrincipalUtil.cs
+++ b/test/IntegrationTests/Util/PrincipalUtil.cs
@@ -90,10 +90,9 @@ public static ClaimsPrincipal GetClaimsPrincipal(string org, string orgNumber, s
             return new ClaimsPrincipal(identity);
         }
 
-        public static string GetAccessToken(string appId)
+        public static string GetAccessToken(string appId, string issuer = "www.altinn.no")
         {
             List<Claim> claims = new List<Claim>();
-            string issuer = "www.altinn.no";
             if (!string.IsNullOrEmpty(appId))
             {
                 claims.Add(new Claim("urn:altinn:app", appId, ClaimValueTypes.String, issuer));
diff --git a/test/IntegrationTests/platform-org.pem b/test/IntegrationTests/platform-org.pem
new file mode 100644
index 00000000..f2a42d40
--- /dev/null
+++ b/test/IntegrationTests/platform-org.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIJANTdO8o3I8x5MA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNV
+BAMTA3R0ZDAeFw0yMDA1MjUxMjIxMzdaFw0zMDA1MjQxMjIxMzdaMA4xDDAKBgNV
+BAMTA3R0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcfTsXwwLyC
+UkIz06eadWJvG3yrzT+ZB2Oy/WPaZosDnPcnZvCDueN+oy0zTx5TyH5gCi1FvzX2
+7G2eZEKwQaRPv0yuM+McHy1rXxMSOlH/ebP9KJj3FDMUgZl1DCAjJxSAANdTwdrq
+ydVg1Crp37AQx8IIEjnBhXsfQh1uPGt1XwgeNyjl00IejxvQOPzd1CofYWwODVtQ
+l3PKn1SEgOGcB6wuHNRlnZPCIelQmqxWkcEZiu/NU+kst3NspVUQG2Jf2AF8UWgC
+rnrhMQR0Ra1Vi7bWpu6QIKYkN9q0NRHeRSsELOvTh1FgDySYJtNd2xDRSf6IvOiu
+tSipl1NZlV0CAwEAAaNkMGIwIAYDVR0OAQH/BBYEFIwq/KbSMzLETdo9NNxj0rz4
+qMqVMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAE56UmH5gEYbe
+1kVw7nrfH0R9FyVZGeQQWBn4/6Ifn+eMS9mxqe0Lq74Ue1zEzvRhRRqWYi9JlKNf
+7QQNrc+DzCceIa1U6cMXgXKuXquVHLmRfqvKHbWHJfIkaY8Mlfy++77UmbkvIzly
+T1HVhKKp6Xx0r5koa6frBh4Xo/vKBlEyQxWLWF0RPGpGErnYIosJ41M3Po3nw3lY
+f7lmH47cdXatcntj2Ho/b2wGi9+W29teVCDfHn2/0oqc7K0EOY9c2ODLjUvQyPZR
+OD2yykpyh9x/YeYHFDYdLDJ76/kIdxN43kLU4/hTrh9tMb1PZF+/4DshpAlRoQuL
+o8I8avQm/A==
+-----END CERTIFICATE-----
diff --git a/test/IntegrationTests/platform-org.pfx b/test/IntegrationTests/platform-org.pfx
new file mode 100644
index 00000000..6da835fb
Binary files /dev/null and b/test/IntegrationTests/platform-org.pfx differ