XACML

PIP Architecture with WSO2 Identity Server

WSO2 Identity Server is based on the Sun XACML implementation. Sunxacml provides an interface for plugging in different PIP implementations as modules: “AttributeFinderModule” is the interface that allows us to do this. But WSO2 Identity Server does not force us to use it, because sunxacml’s interface seems to be more complex and Carbon platform features would not […]

Understanding PIP (Policy Information Point)

According to the XACML reference architecture, the PIP is the system entity that acts as a source of attribute values. Basically, if attributes are missing from the XACML request sent by the PEP, the PIP finds them so that the PDP can evaluate the policy. To understand this better, let's go through a sample XACML policy […]

XACML reference architecture

The reference architecture proposes a standard for the deployment of the necessary software modules within an infrastructure. The Policy Decision Point (PDP) evaluates policies against access requests provided by Policy Enforcement Points (PEP). To provide the decisions, the PDP may also need to query a Policy Information Point (PIP) to gather descriptive attributes about the user or any other missing […]

Why we need XACML?

Most organizations are still using legacy systems with built-in authorization logic. Sometimes one organization contains a large number of information systems and applications, each of which uses its own way of authorizing. Today, authorization has become more complex, because users within the organization as well as outside the […]

What is XACML?

XACML (eXtensible Access Control Markup Language) is an XML-based language for access control that has been standardized by the Technical Committee of the OASIS consortium. XACML is very popular in the community as a fine-grained authorization method. But there are many aspects of XACML other than just being a fine-grained authorization mechanism. Although XACML was introduced as […]