But in this editor we don't allow the user to author a template. The template is kind of static.
What we allow here is to author a section ('Condition' section) of a XACML policy, which is to be merged with the predefined template to generate a XACML policy. I agree that name "Policy Partial Editor" is kind of alien :-) How about keeping the name as "XACML policy editor" and having a preview pane to view the, to be generated (sample) XACML policy ? On Tue, Aug 26, 2014 at 7:02 PM, Sumedha Rubasinghe <sume...@wso2.com> wrote: > Policy Partial Editor does not sound good. How about 'policy template > editor'? > On Aug 26, 2014 3:12 PM, "Rushmin Fernando" <rush...@wso2.com> wrote: > >> Attached is the UI mock-up of the app create/edit screen as well as the >> policy partial editor. >> >> Thanks >> Rushmin >> >> >> On Tue, Aug 26, 2014 at 2:03 PM, Sumedha Rubasinghe <sume...@wso2.com> >> wrote: >> >>> Rushmin, >>> Can you also send a mock UI of the resources section that we discussed? >>> That will make it more clear on how Policy partials & URL templates are >>> mapped. >>> >>> >>> On Tue, Aug 26, 2014 at 1:48 PM, Rushmin Fernando <rush...@wso2.com> >>> wrote: >>> >>>> App Manager supports both database driven simple roles based resource >>>> authorization and XACML based authorization. >>>> >>>> After reviewing the existing XACML based solution, the following >>>> changes are proposed. >>>> >>>> Concepts >>>> ======= >>>> >>>> 1) Policy Partials >>>> >>>> 'Target' section of a XACML policy in App Manager can be auto >>>> generated, since the use defines the URL pattern and the action (HTTP >>>> verb) for the resources to be restricted. So only the 'rules' are the >>>> dynamic parts. >>>> >>>> So in this proposal, users are able to save the conditions of the rules >>>> (or may be the rules) against the app. These are called policy partials. >>>> >>>> 2) Applying policy partials to URL templates >>>> >>>> In App Manager publisher there is UI to add url patterns which should >>>> be applied throttling, role restrictions etc.. There will be option for the >>>> user to apply one or more policy partials which are defined in step 1, to >>>> these URL templates. >>>> >>>> 3) Policy generation >>>> >>>> Actual XACML policies will be generated, taking the policy template, >>>> applied policy partials and URL template info. There generate policies will >>>> be persistent and published via identity admin services. >>>> >>>> Please see the attached illustration for more details. >>>> >>>> >>>> >>>> >>>> -- >>>> *Rushmin Fernando* >>>> *Technical Lead* >>>> >>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>>> >>>> email : rush...@wso2.com >>>> mobile : +94772310855 >>>> >>>> >>>> >>> >>> >>> -- >>> /sumedha >>> b : bit.ly/sumedha >>> >> >> >> >> -- >> *Rushmin Fernando* >> *Technical Lead* >> >> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >> >> email : rush...@wso2.com >> mobile : +94772310855 >> >> >> -- *Rushmin Fernando* *Technical Lead* WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware email : rush...@wso2.com mobile : +94772310855
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture