Apache CXF also has a PEP to allow authorization of web service calls to a PDP. CXF just provides a PDP interface and allows the user to plug in whatever backend they want. Here's a system test that uses a mock PDP implementation to authorize a web service invocation, where user roles are extracted from a SAML token included in the request (look for "testSaml2PEP"):
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java;h=36bc3412436bb6a259cdd81bf13a6974dd6691fe;hb=HEAD Colm. On Thu, Apr 23, 2015 at 3:32 PM, Hal Lockhart <[email protected]> wrote: > I don't know much about the project. In our proposal I identified Manifold > CF, Qpid and Archiva as projects with existing integration points for a > PDP, but did not notice Sentry. > > They claim it is "highly modular, so perhaps they have an API we could > implement. > > One good way to approach this would be to write some XACML policies which > emulate their (rather simple) policy model as a sort of proof of concept. > > Hal > > > -----Original Message----- > > From: DRAGOSH, PAMELA L (PAM) [mailto:[email protected]] > > Sent: Thursday, April 23, 2015 10:19 AM > > To: [email protected] > > Subject: sentry incubator project > > > > Does anyone know about this project? > > > > https://sentry.incubator.apache.org/ > > > > It seems that they are replicating our work or possibly they could > > utilize the openaz project in their work. > > > > Pam > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
