But in this editor we don't allow the user to author a template. The
template is kind of static.
What we allow here is to author a section ('Condition' section) of a XACML
policy, which is to be merged with the predefined template to generate a
XACML policy.
I agree that name "Policy Partial Editor" is kind of alien :-)
How about keeping the name as "XACML policy editor" and having a preview
pane to view the, to be generated (sample) XACML policy ?
On Tue, Aug 26, 2014 at 7:02 PM, Sumedha Rubasinghe <sume...@wso2.com>
wrote:
> Policy Partial Editor does not sound good. How about 'policy template
> editor'?
> On Aug 26, 2014 3:12 PM, "Rushmin Fernando" <rush...@wso2.com> wrote:
>
>> Attached is the UI mock-up of the app create/edit screen as well as the
>> policy partial editor.
>>
>> Thanks
>> Rushmin
>>
>>
>> On Tue, Aug 26, 2014 at 2:03 PM, Sumedha Rubasinghe <sume...@wso2.com>
>> wrote:
>>
>>> Rushmin,
>>> Can you also send a mock UI of the resources section that we discussed?
>>> That will make it more clear on how Policy partials & URL templates are
>>> mapped.
>>>
>>>
>>> On Tue, Aug 26, 2014 at 1:48 PM, Rushmin Fernando <rush...@wso2.com>
>>> wrote:
>>>
>>>> App Manager supports both database driven simple roles based resource
>>>> authorization and XACML based authorization.
>>>>
>>>> After reviewing the existing XACML based solution, the following
>>>> changes are proposed.
>>>>
>>>> Concepts
>>>> =======
>>>>
>>>> 1) Policy Partials
>>>>
>>>> 'Target' section of a XACML policy in App Manager can be auto
>>>> generated, since the use defines the URL pattern and the action (HTTP
>>>> verb) for the resources to be restricted. So only the 'rules' are the
>>>> dynamic parts.
>>>>
>>>> So in this proposal, users are able to save the conditions of the rules
>>>> (or may be the rules) against the app. These are called policy partials.
>>>>
>>>> 2) Applying policy partials to URL templates
>>>>
>>>> In App Manager publisher there is UI to add url patterns which should
>>>> be applied throttling, role restrictions etc.. There will be option for the
>>>> user to apply one or more policy partials which are defined in step 1, to
>>>> these URL templates.
>>>>
>>>> 3) Policy generation
>>>>
>>>> Actual XACML policies will be generated, taking the policy template,
>>>> applied policy partials and URL template info. There generate policies will
>>>> be persistent and published via identity admin services.
>>>>
>>>> Please see the attached illustration for more details.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Rushmin Fernando*
>>>> *Technical Lead*
>>>>
>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>
>>>> email : rush...@wso2.com
>>>> mobile : +94772310855
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> /sumedha
>>> b : bit.ly/sumedha
>>>
>>
>>
>>
>> --
>> *Rushmin Fernando*
>> *Technical Lead*
>>
>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>
>> email : rush...@wso2.com
>> mobile : +94772310855
>>
>>
>>
--
*Rushmin Fernando*
*Technical Lead*
WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
email : rush...@wso2.com
mobile : +94772310855
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
