XACML Policy Editor in WSO2 Identity Server V 3.2.X

[This blog post describes the policy editor of WSO2 Identity Server 3.2.X Which is now older version.  Please find new details about policy editors from here] WSO2 Identity server provides a XACML policy editor UI for creating XACML policies. Actually Identity server 3.2.X is shipped with two policy editors. One is basic policy editor and […]

XACML Sample for Health Care Application – 2

In my previous blog post,  I have implemented small XACML sample with WSO2 Identity Server. Now lets try to extend it by adding more authorization rules. The XACML policy that is used in previous blog post, achieves following authorization logics; I am just going to recall them as followings. 1. Patients can read their own […]

XACML Sample for Health Care Application – Part 1

In this blog post I am going to create XACML sample (sample XACML policies , PIP and PEP) with some real world use case. Lets assume following use case in a Health care organization There is a health care organization called “Medi” “Medi”  keeps medical records of all the patients in a database repository. This repository  has […]

Load balancing PDP Cluster using WSO2ESB

In my previous blog post, I explained how we can configure PDP cluster load balancing with WSO2LB. Lets see how we can configure WSO2ESB as load balancer for clustered PDPs. For that, we are using dynamic load balancing in ESB with session affinity. you can find the dynamic load balancing sample from here in WSO2 […]

PDP Cluster with Load balancer

In my previous blog post, I explained deploying of PDP cluster using WSO2 Identity Server. Each PDP in the cluster exposes their own authorization service (Entitlement service). Therefore we need to setup a load balancer to forward the incoming authorization queries among each PDPs. Then load balancer would expose only a one interface for PEP […]

PDP Clustering

One of the important thing that must be supported by the production XACML PDP is that horizontal scaling with  high availability and reliability.  WSO2 Identity server’s PDP achieves the horizontal scaling using clustering mechanism. In this post i am going to explain deploying of PDP cluster using WSO2 Identity Server. Here following three main points are very important […]

XACML PDP Performance Test Suit

These day, I am going to do a performance test on XACML PDP.  Actually with WSO2 Identity Server PDP implementation. But main problem me is to define a proper test suit for these testing. However as a start,  I just tried identify the factors that effect for the XACML decision query time. 1. Complexity of Polices, defined in […]

Improving XACML PDP Performance with Caching Techniques

One way of improving the performance of a XACML engine is by using caching techniques. But caching implementation must be designed carefully. Actually when remind the XACMLnetiq identity manager reference architecture, we could identify that, caching can be done in four places   1. XACML Policies can be cached. As policies usually be stored in […]

Writing simple PIP module for WSO2 Identity Server

One of my previous post, I have discussed about the PIP implementation of the WSO2 Identity Server. Now lets try to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module  By implementing the “PIPAttributeFinder” Interface. You […]