In this blog post, we are going to visit the architecture design of a XACML engine. When it comes to XACML in the open source world, WSO2 Identity Server is one of the major players. The latest release of WSO2 Identity Server supports XACML 3.0 based on the Balana XACML implementation. As source code, distribution and documents are […]
Tag: PIP
Policy Information Point
In this blog post I am going to create a XACML sample (sample XACML policies, a PIP and a PEP) with a real-world use case. Let's assume the following use case in a health care organization. There is a health care organization called “Medi”. “Medi” keeps medical records of all the patients in a database repository. This repository has […]
In one of my previous posts, I discussed the PIP implementation of the WSO2 Identity Server. Now let's try to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module: by implementing the “PIPAttributeFinder” interface. You […]
WSO2 Identity Server is based on the Sun XACML implementation. Sun XACML provides an interface for plugging in different PIP implementations as modules. “AttributeFinderModule” is the interface that allows us to do this, but WSO2 Identity Server does not force us to use it, because Sun XACML's interface seems to be more complex and Carbon platform features would not […]
According to the XACML reference architecture, the PIP is the system entity that acts as a source of attribute values. Basically, if there are attributes missing from the XACML request sent by the PEP, the PIP finds them so that the PDP can evaluate the policy. To understand this better, let's go through a sample XACML policy […]
The reference architecture proposes a standard for the deployment of the necessary software modules within an infrastructure. The Policy Decision Point (PDP) evaluates policies against access requests provided by Policy Enforcement Points (PEPs). To provide decisions, the PDP may also need to query a Policy Information Point (PIP) to gather descriptive attributes about the user or any other missing […]