Re: [Architecture] [APPM] XACML based authorization for resources

Tue, 26 Aug 2014 02:43:31 -0700 

Attached is the UI mock-up of the app create/edit screen as well as the
policy partial editor.

Thanks
Rushmin


On Tue, Aug 26, 2014 at 2:03 PM, Sumedha Rubasinghe <sume...@wso2.com>
wrote:

> Rushmin,
> Can you also send a mock UI of the resources section that we discussed?
> That will make it more clear on how Policy partials & URL templates are
> mapped.
>
>
> On Tue, Aug 26, 2014 at 1:48 PM, Rushmin Fernando <rush...@wso2.com>
> wrote:
>
>> App Manager supports both database driven simple roles based resource
>> authorization and XACML based authorization.
>>
>> After reviewing the existing XACML based solution, the following changes
>> are proposed.
>>
>> Concepts
>> =======
>>
>> 1) Policy Partials
>>
>> 'Target' section of a XACML policy in App Manager can be auto generated,
>> since the use defines the URL pattern  and the action (HTTP verb) for the
>> resources to be restricted. So only the 'rules' are the dynamic parts.
>>
>> So in this proposal, users are able to save the conditions of the rules
>> (or may be the rules) against the app. These are called policy partials.
>>
>> 2) Applying policy partials to URL templates
>>
>> In App Manager publisher there is UI to add url patterns which should be
>> applied throttling, role restrictions etc.. There will be option for the
>> user to apply one or more policy partials which are defined in step 1, to
>> these URL templates.
>>
>> 3) Policy generation
>>
>> Actual XACML policies will be generated, taking the policy template,
>> applied policy partials and URL template info. There generate policies will
>> be persistent and published via identity admin services.
>>
>> Please see the attached illustration for more details.
>>
>>
>>
>>
>> --
>> *Rushmin Fernando*
>> *Technical Lead*
>>
>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>
>> email : rush...@wso2.com
>> mobile : +94772310855
>>
>>
>>
>
>
> --
> /sumedha
> b :  bit.ly/sumedha
>



-- 
*Rushmin Fernando*
*Technical Lead*

WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware

email : rush...@wso2.com
mobile : +94772310855

Attachment: xacml_resource_authorization_ui_mockup.pdf
Description: Adobe PDF document

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to