
Fine-grained XACML authorization with PIP points

Published in: Education, Technology, Design

  1. Fine-Grained XACML Authorization with PIP points, WSO2 Identity Server 4.5.0
  2. Use Case
     • User ‘john’ is trying to get READ access by using his user id.
     • Authorization should be given by validating the user id against the user name, requesting the user name information via a PIP point.
     • The PIP requests the information from a web service.
  3. Use Case Diagram (components shown: PIP, JAX-RS Service, PEP, PDP, Entitlement Service, SoapUI, PAP)
  4. XACML policy information
     • User – john
     • Action – READ
     • Resource – web service name
  5. SoapUI Request information
     • User Id – 124
     • Action – Read
     • Resource – web service name
  6. Implementation Steps
     • Implement the JAX-RS Service and host it in Application Server – Refer Blogs
       • http://umeshagunasinghe.blogspot.com/2013/09/how-to-create-jax-rs-service-using-wso2.html
       • http://umeshagunasinghe.blogspot.com/2013/09/how-to-deploy-jax-rs-service-in-wso2.html
     • Writing the PIP – Refer Blog
       • http://umeshagunasinghe.blogspot.com/2013/10/how-to-write-pip-point-for-wso2-is.html
  7. Implementation Steps
     • Registering the PIP in Identity Server – Refer Blog
       • http://umeshagunasinghe.blogspot.com/2013/10/how-to-register-pip-in-wso2-is.html
     • Writing the XACML Policy – Refer Blog
       • http://umeshagunasinghe.blogspot.com/2013/10/how-to-write-simple-xacml-policy-in.html
  8. Implementation Steps
     • Enforcing the Policy – Refer Blogs
       • http://umeshagunasinghe.blogspot.com/2013/10/how-to-use-try-it-tool-in-wso2-is.html
       • http://umeshagunasinghe.blogspot.com/2013/10/how-to-expose-entitlement-service-in.html
  9. Thank You!
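
The use case on slides 2 to 5, modelled as an added Python example (not code from the deck or from WSO2 Identity Server): the request carries only user id 124, the PIP resolves it to a user name, and the PDP compares that name with the policy. Assumptions: the in-memory directory stands in for the JAX-RS service, the entry 125/alice is constructed, users other than john get Deny, and the action is matched case-insensitively because the slides write both READ and Read.

```python
"""Model of the deck's flow: PEP request -> PDP -> PIP lookup -> decision."""

# Constructed stand-in for the JAX-RS user service the PIP queries (assumption).
USER_DIRECTORY = {"124": "john", "125": "alice"}

# Policy from slide 4: user john may READ the resource named on the slide.
POLICY = {"user_name": "john", "action": "read", "resource": "web service name"}


class PipError(Exception):
    """Raised when the PIP cannot reach its backing service."""


def pip_resolve_user_name(user_id, directory=USER_DIRECTORY):
    """PIP: map the subject id in the request to a user name attribute."""
    if directory is None:
        raise PipError("user service unavailable")
    return directory.get(str(user_id))  # None when the id is unknown


def pdp_evaluate(request, pip=pip_resolve_user_name):
    """PDP: return Permit, Deny, NotApplicable or Indeterminate."""
    # Target match first: the policy only covers this resource and action.
    if request.get("resource") != POLICY["resource"]:
        return "NotApplicable"
    if str(request.get("action", "")).lower() != POLICY["action"]:
        return "NotApplicable"
    # The request has no user name, so the PDP asks the PIP for it.
    try:
        user_name = pip(request.get("user_id"))
    except PipError:
        return "Indeterminate"  # attribute lookup failed, no decision possible
    # Assumed rule pair: Permit for john, Deny for every other resolved name.
    return "Permit" if user_name == POLICY["user_name"] else "Deny"


def pep_enforce(request, pip=pip_resolve_user_name):
    """PEP: deny-biased, so only an explicit Permit grants access."""
    return pdp_evaluate(request, pip) == "Permit"


if __name__ == "__main__":
    soapui_request = {"user_id": "124", "action": "Read",
                      "resource": "web service name"}
    print(pdp_evaluate(soapui_request))
```

A deny-biased PEP matters here because a PIP outage yields Indeterminate rather than Deny, and the enforcement point has to treat both as a refusal.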
