On Wed, Mar 2, 2011 at 7:06 PM, Paul Fremantle <p...@wso2.com> wrote:
> IS includes a full XACML interpreter.
>
> Paul
>
> On 2 March 2011 12:30, Brad Cox <bradj...@gmail.com> wrote:
>
>> Thanks Paul. That was our intention when we had the XACML running as a
>> mediator. But FYI documentation problems stymied progress on that front too.
>> The basic hangup is that WSO2 documentation doesn't use or even mention the
>> PEP/PDP distinction, which is a foundation distinction in DOD-land. So web
>> searches don't hit for WSO2. Same problem with XACML, until I learned to
>> translate that to "entitlements" (a term that's barely used if ever in DOD).
>

Thanks for sharing the paper. I guess the following will help to understand
more about WSO2 and its XACML engine:

http://blog.facilelogin.com/search/label/XACML

Thanks & regards,
-Prabath

>> I presume by "something similar" you mean using Sun's interpreter? Or did
>> you also build a full compiler?
>>
>> On Wed, Mar 2, 2011 at 7:08 AM, Paul Fremantle <p...@wso2.com> wrote:
>>
>>> Brad
>>>
>>> We have done something similar to your paper in another DoD-style
>>> project. Basically we use the ESB as a gateway that intercepts all calls and
>>> applies the XACML policy. So the ESB acts as the PEP. The ESB passes
>>> requests onto the IS which is the PDP.
>>>
>>> In order to ensure the ESB intercepts all calls we basically configure
>>> the backends to only accept calls that have the right SSL/TLS client
>>> certificate (over HTTPS) and then make sure the ESB is the only system that
>>> has this cert. That way there is a highly efficient model from ESB to
>>> Backend.
>>>
>>> Paul
>>>
>>> On 2 March 2011 11:59, Brad Cox <bradj...@gmail.com> wrote:
>>>
>>>> See http://bradjcox.blogspot.com for a link to a paper that may be of
>>>> interest to XACML devotees.
>>>>
>>>> The first part of the paper describes an XACML reference implementation.
>>>> Our first cut at this ran as a mediator in the ESB and was based on Sun's
>>>> interpreter. This was converted to a service in WSAS and is the version
>>>> delivered in Dec.
>>>>
>>>> XACML is so horrendous as a language and for debugging that we started
>>>> work on a full compiler which is being finished for delivery as I write
>>>> this.
>>>>
>>>> Why convert a working ESB mediator to a WSAS service? Because I've been
>>>> unable to understand from the documentation how all these WSO2 products
>>>> relate to each other. My mental model is an ESB is a general purpose
>>>> foundation on which specialized products (like WSAS) can be constructed.
>>>> This seems not to be the case with WSO2 products, since near as I can tell
>>>> the ESB is not part of WSAS. I also tried the "Add Feature" menu to mix and
>>>> match features but the result wouldn't even boot. To make any headway at
>>>> all, I resorted to relying on nothing other than the ability of WSAS to
>>>> load .AAR files.
>>>>
>>>> _______________________________________________
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org
>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>> --
>>> Paul Fremantle
>>> CTO and Co-Founder, WSO2
>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>
>>> Office: +44 844 484 8143
>>> Cell: +44 798 447 4618
>>>
>>> blog: http://pzf.fremantle.org
>>> twitter.com/pzfreo
>>> p...@wso2.com
>>>
>>> wso2.com Lean Enterprise Middleware
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s. If
>>> you are not the intended recipient/s, or believe that you may have received
>>> this communication in error, please reply to the sender indicating that fact
>>> and delete the copy you received and in addition, you should not print,
>>> copy, retransmit, disseminate, or otherwise use the information contained in
>>> this communication. Internet communications cannot be guaranteed to be
>>> timely, secure, error or virus-free. The sender does not accept liability
>>> for any errors or omissions.
>>
>> --
>> Cell: 703-594-1883
>> Blog: http://bradjcox.blogspot.com
>> Web: http://virtualschool.edu
>> Manassas VA 20111

--
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
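The gateway pattern described in the quoted thread (a PEP in front, a PDP answering decision requests, backends that accept only the gateway's client certificate), as an added sketch that is not part of the original thread and is not WSO2 code. All names, the rule table and the certificate bytes are constructed; the fingerprint comparison is an assumption standing in for the TLS client-certificate verification a backend would perform during the handshake.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded client certificates (not real certs).
GATEWAY_CERT = b"constructed-gateway-client-cert"
OTHER_CERT = b"constructed-other-client-cert"
PINNED_FP = hashlib.sha256(GATEWAY_CERT).hexdigest()  # backend trusts only this

# Constructed policy rows: (role, resource, action, XACML effect).
RULES = [
    ("analyst", "/reports", "read", "Permit"),
    ("analyst", "/reports", "delete", "Deny"),
]


def pdp_decide(role, resource, action):
    """PDP: first-applicable rule wins; no matching rule is NotApplicable."""
    if not all(isinstance(v, str) and v for v in (role, resource, action)):
        return "Indeterminate"  # malformed decision request
    for r_role, r_res, r_act, effect in RULES:
        if (role, resource, action) == (r_role, r_res, r_act):
            return effect
    return "NotApplicable"


def backend_handle(peer_cert, resource, action):
    """Backend: serve only a caller presenting the gateway's certificate."""
    fp = hashlib.sha256(peer_cert).hexdigest()
    if not hmac.compare_digest(fp, PINNED_FP):
        return 403, "client certificate not accepted"
    return 200, f"{action} {resource} ok"


def pep_gateway(role, resource, action, decide=pdp_decide):
    """PEP: deny-biased, forwards to the backend only on an explicit Permit."""
    try:
        decision = decide(role, resource, action)
    except Exception:
        decision = "Indeterminate"  # PDP unreachable or failed: fail closed
    if decision != "Permit":
        return 403, f"blocked by PEP ({decision})"
    return backend_handle(GATEWAY_CERT, resource, action)
```

The backend check is what makes the PEP non-bypassable: a caller that reaches the backend directly with any other certificate is refused regardless of what the policy would have said.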