Tag: PIP

Policy Information Point

XACML engine architecture (PDP)

In this blog post, we are going to look at some of the architecture design of an XACML engine. When it comes to XACML and the open source world, WSO2 Identity Server is one of the major players. The latest release of WSO2 Identity Server supports XACML 3.0, based on the Balana XACML implementation. As source code, distribution and documents are […]

XACML Sample for Health Care Application – Part 1

In this blog post I am going to create an XACML sample (sample XACML policies, PIP and PEP) with a real-world use case. Let's assume the following use case in a health care organization: There is a health care organization called “Medi”. “Medi” keeps medical records of all the patients in a database repository. This repository has […]

Writing simple PIP module for WSO2 Identity Server

In one of my previous posts, I discussed the PIP implementation of the WSO2 Identity Server. Now let's try to write a simple PIP attribute finder module to plug into the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module: By implementing the “PIPAttributeFinder” interface. You […]

PIP Architecture with WSO2 Identity Server

WSO2 Identity Server is based on the Sun XACML implementation. Sunxacml provides an interface for plugging in different PIP implementations as modules. “AttributeFinderModule” is the interface that allows us to do this, but WSO2 Identity Server does not force us to use it, because sunxacml’s interface seems to be more complex and Carbon platform features would not […]

Understanding PIP (Policy Information Point)

According to the XACML reference architecture, the PIP is the system entity that acts as a source of attribute values. Basically, if there are missing attributes in the XACML request sent by the PEP, the PIP finds them so that the PDP can evaluate the policy. To understand this better, let's go through a sample XACML policy […]

XACML reference architecture

The reference architecture proposes a standard for deployment of the necessary software modules within an infrastructure. The Policy Decision Point (PDP) evaluates policies against access requests provided by Policy Enforcement Points (PEP). To provide the decisions, the PDP may also need to query a Policy Information Point (PIP) to gather descriptive attributes about the user or any other missing […]