eXtensible Access Control Markup Language

XACML engine architecture (PDP)

In this blog post, we are going to look at some of the architecture design of a XACML engine. When it comes to XACML and the open source world, WSO2 Identity Server is one of the major players. The latest release of WSO2 Identity Server supports XACML 3.0, based on the Balana XACML implementation. As source code, distribution and documents are […]

XACML Sample for On-line Trading Application -1

XACML is a powerful way to build access control systems in your application. Here we are going to talk about how we can build XACML-driven authorization for an on-line trading application called “K-Market”. This sample is shipped with the Balana XACML implementation, which can be found here. The scenario is as follows: 1. K-Market […]

What is new with XACML 3.0

These days, I am working on an open source XACML 3.0 implementation called “Balana”. You can find the project here. Balana is an improvement of sun-xacml. However, I am not going to talk about Balana today, but just want to share some knowledge about XACML 3.0. When I go through the XACML 3.0 Core specification, following are […]

Writing simple PIP module for WSO2 Identity Server

In one of my previous posts, I discussed the PIP implementation of the WSO2 Identity Server. Now let's try to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module: By implementing the “PIPAttributeFinder” interface. You […]

PIP Architecture with WSO2 Identity Server

WSO2 Identity Server is based on the sun xacml implementation. Sunxacml provides an interface for plugging in different PIP implementations as modules. “AttributeFinderModule” is the interface that allows us to do this, but WSO2 Identity Server does not force us to use it, because sunxacml’s interface seems to be more complex and Carbon platform features would not […]

Understanding PIP (Policy Information Point)

According to the XACML reference architecture, the PIP is the system entity that acts as a source of attribute values. Basically, if there are missing attributes in the XACML request sent by the PEP, the PIP finds them so that the PDP can evaluate the policy. To understand this better, let's go through a sample XACML policy […]

XACML reference architecture

The reference architecture proposes a standard for the deployment of the necessary software modules within an infrastructure. The Policy Decision Point (PDP) evaluates policies against access requests provided by Policy Enforcement Points (PEP). To provide its decisions, the PDP may also need to query a Policy Information Point (PIP) to gather descriptive attributes about the user or any other missing […]

Why we need XACML?

Most organizations are still using legacy systems with built-in authorization logic. Sometimes, one organization contains a large number of information systems and applications, and each system or application uses its own way of authorizing. Today, authorization has become more complex, because users within the organization as well as outside the […]