Category Archives: XACML

Authorization for APIs with XACML and OAuth 2.0

In this blog post, let's see how we can use XACML to authorize APIs. I hope you are familiar with OAuth 2.0, so let's go directly through the diagram. An OAuth access token is granted to the application by the OAuth Authorization Server. The application can use the access token to access the API resources in …


XACML PDP Performance Testing with Thrift

Last time, in this blog post, we discussed load testing the XACML PDP using JMeter. We used the HTTPS transport to call the Web Service API exposed by the PDP. With Identity Server, we can also use the Thrift protocol to communicate with the PDP. It is said that Thrift is faster …


Access Control for Data Access Layer with XACML

Let's try to understand how XACML can be used to filter authorized data in the data access layer. Let's also learn how to implement a data filtering sample using an open source XACML engine. First, it is better to understand a sample use case for this. Use case: KDiamond is a company that sells diamonds all other …


Webinar on XACML – Uncovering XACML to Solve Real World Business Use Cases

Despite challenges such as performance bottlenecks, complexity and integration difficulties, XACML holds its position as the number one choice for addressing fine grain and policy based access control needs. Because of its ability to support externalized and standardized architectures, attribute based access control, and fine grained authorization, developers and architects try to minimize the adverse …


Policy Store Notifications with Identity Server

From an administrative point of view, policy notifications play a major role. It is a must-have feature for a policy engine to support. In a typical enterprise, authorization policies are defined by a policy administrator who has some knowledge of an authorization language such as XACML. These policies must then be reviewed by the management to …


Banking Sample with XACML

Let's try to understand how XACML can be used in banking applications and how to implement a sample banking authorization system with an open source XACML engine. Use case: There is a bank called KBank that supports ATM facilities and online money transfer facilities for its own customers. KBank has an LDAP user store that contains customer details …


Migrating XACML policies from older versions to new Identity Server versions

The latest WSO2 Identity Server versions (4.5.0 and later) have a lot of changes compared with older versions (4.0.0, 4.1.0). There are database schema changes in the user management databases and also many changes in the XACML space (please refer to this for more details). Therefore, you cannot plug new Identity Server versions with your old …


Searching entitlements in XACML Policies – GetEntitledAttributes

In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined in that blog post with the third approach, i.e. by using the “getEntitledAttributes” method in the Entitlement Service API of Identity Server. Identity Server is an open source XACML engine that supports XACML …


Multiple decision profile – Hierarchical resources

In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined there with the second approach, i.e. the multiple decision profile with the hierarchical resource profile. Here I am using Identity Server, which is an open source XACML engine that supports XACML 3.0, multiple …


Multiple decision profile – Repeated attribute categories

In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined there with the first approach, i.e. the multiple decision profile with repeated attribute categories. Here I am using Identity Server, which is an open source XACML engine that supports XACML 3.0 and …

