SlideShare une entreprise Scribd logo

Addressing Security Concerns with WSO2 Governance Registry Policy Store

WSO2
WSO2
Technologie
1  sur  17
Télécharger pour lire hors ligne
Addressing Security Concerns with WSO2 Governance Registry as Policy Store Arudsothy  Sriragu   (S   rArudsothy Sriragu (Senior Software Engineer-WSO2 Governance Registry) & Eranda Sooriyabandara (Senior Software Engineer-WSO2 Governance Registry)  Engineer-­‐WSO2  Governance  Registry)   &   Eranda  Sooriyabandara   (Senior  Software  Engineer-­‐WSO2  Governance   Registry)  
About WSO2 •  Providing the only complete open source componentized cloud platform –  Dedicated to removing all the stumbling blocks to enterprise agility –  Enabling you to focus on business logic and business value •  Recognized by leading analyst firms as visionaries and leaders –  Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure –  Forrester places WSO2 in top 2 for API Management •  Global corporation with offices in USA, UK & Sri Lanka –  200+ employees and growing •  Business model of selling comprehensive support & maintenance for our products
150+ globally positioned support customers
Agenda }  Understanding the policy enforcement in SOA environment }  Why does a typical SOA enterprise need policy management }  Some terminologies used in policy enforcement }  How WSO2 Identity Server plays as XACML policy engine }  Run-time policy vs Design-time policy }  Demo - Sample usecase where WSO2 Governance Registry can be used as policy store }  Q&A
Understand the policy enforcement in SOA environment }  A typical service oriented enterprise will have mainly three objects in interaction which are service consumers, services and resources }  How can a SOA environment control varies authorization level depends on the consumer type such as admin user, publisher level user, subscriber level user, login level user..etc. }  To address the above complexity SOA environment forced to have a varies type of policies. }  Therefore applying policies for SOA environment to control its activities during the service consumption or service design will be called as policy enforcement.
Why a typical SOA enterprise need policy management }  To control authorization level among the users accessing the services in any typical SOA environment. }  Prevent Unauthorized access to the services must be prevented. }  Quality of service should be managed by service policy. Therefore SOA enterprise needs a policy management system. }  Giving the access to the correct version of the service based on the consumer type. It can be managed by a versioning policy. }  SOA enterprises need to enforce the policy to accept the content passed as payload in terms of encoding format.    
Some terminologies used in policy enforcement }  PEP -it stands for policy enforcement point where the incoming request is received and authorization request will be generated and sent over to authorization engine. }  PIP - stands for policy information point where information about policy elements such as attribute value and meaning, resource information used in policy, environment in which the particular policy to be evaluated. }  PDP - stands for policy decision point where the authorization request is evaluated which has been sent by the PEP and decision is made whether to authorize or not. This point in general called as authorization engine since it is the decision maker for authorization request.
Contd……… }  PAP - stands for policy administration point where the policy is managed. }  PRP - stands for policy retrieval point where the policy is stored and retrieved by authorization engine to evaluate against the incoming authorization request. }  WSO2 IS can be used as a PAP, PIP and PDP. }  WSO2 Governance Registry is used as PRP. }  WSO2 ESB can be used as PEP.
How WSO2 Identity Server plays as XACML policy engine }  WSO2 IS uses the xacml policy based authorization. XACML stands for eXtensible access control markup language. }  WSO2 IS has the capability to play as a XACML based authorization engine. }  WSO2 IS makes decision based on the policy relevant to the request, in other word IS functions as policy decision point. }  WSO2 Identity Server (IS) makes authorization decision based on XACML request. }  IS returns it authorization response to the policy enforcement point with what action to be taken for the client request. Response will be allow or deny the access.
Run-time policy vs Design-time policy }  Design time policies define the behavior of the service at the design time while the runtime policies define the behavior of the service at the runtime. }  Design time policies are enforced during the period when developer creates the services. For an example, WS-security to be used for security mechanisms. }  An example of runtime policy would be "Only users with admin role are allowed to update the resource A between 10 and 12 o'clock. This policy will be enforced and evaluated at the service invocation.
Demo
Demo
Demo }  Client requests some resource via ESB proxy service. }  When the ESB receives the client request “entitlement mediator”[PEP] will generate the xacml request and call the WSO2 IS [PDP] “entitlement admin service” endpoint. }  WSO2 IS retrieves the policy stored in the Governance Registry and evaluates xacml request. WSO2 IS functions as xacml engine }  Depends on the decision made by the IS request will be processed further and returned the resource to the client or returned with an unauthorized message.
References }  http://wso2.com/library/articles/2011/08/finegrained-authorization- restful-services-xacml }  http://wso2.com/library/articles/2011/10/understanding-xacml- policy-language-xacml-extended-assertion-markup-langue-part-1 }  http://blog.facilelogin.com/2009/06/guide-to-write-xacml-policies- in-wso2.html }  http://hasini-gunasinghe.blogspot.com/2011/12/entitlement- service-xacml-pdp-as-web.html }  http://blog.facilelogin.com/2009/05/identity-server-20-as-xacml- engine.html
Questions and Answers        Q                  &                  A
Engage with WSO2 •  Helping you get the most out of your deployments •  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success
Engage with WSO2 •  Helping you get the most out of your deployments •  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success

Recommandé

Governance and Security Solution Patterns
Governance and Security Solution Patterns Governance and Security Solution Patterns
Governance and Security Solution Patterns
WSO2
 
Integration Solution Patterns
Integration Solution Patterns Integration Solution Patterns
Integration Solution Patterns
WSO2
 
Rxt demo-part3
Rxt demo-part3Rxt demo-part3
Rxt demo-part3
WSO2
 
Enterprise Governance - The Key to Success
Enterprise Governance - The Key to Success Enterprise Governance - The Key to Success
Enterprise Governance - The Key to Success
WSO2
 
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 IntegrationWSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2
 
Introduction to Configurable Governance Artifacts
Introduction to Configurable Governance ArtifactsIntroduction to Configurable Governance Artifacts
Introduction to Configurable Governance Artifacts
WSO2
 
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital TransformationWSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2
 
Streamline your SOA Portfolio
Streamline your SOA Portfolio Streamline your SOA Portfolio
Streamline your SOA Portfolio
WSO2
 

Recommandé

Governance and Security Solution Patterns
Governance and Security Solution Patterns Governance and Security Solution Patterns
Governance and Security Solution Patterns
WSO2
 
Integration Solution Patterns
Integration Solution Patterns Integration Solution Patterns
Integration Solution Patterns
WSO2
 
Rxt demo-part3
Rxt demo-part3Rxt demo-part3
Rxt demo-part3
WSO2
 
Enterprise Governance - The Key to Success
Enterprise Governance - The Key to Success Enterprise Governance - The Key to Success
Enterprise Governance - The Key to Success
WSO2
 
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 IntegrationWSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration
WSO2
 
Introduction to Configurable Governance Artifacts
Introduction to Configurable Governance ArtifactsIntroduction to Configurable Governance Artifacts
Introduction to Configurable Governance Artifacts
WSO2
 
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital TransformationWSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation
WSO2
 
Streamline your SOA Portfolio
Streamline your SOA Portfolio Streamline your SOA Portfolio
Streamline your SOA Portfolio
WSO2
 
Observability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise IntegratorObservability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise Integrator
WSO2
 
WSO2 Summit London 2018: Delivering Business Value with WSO2
WSO2 Summit London 2018: Delivering Business Value with WSO2WSO2 Summit London 2018: Delivering Business Value with WSO2
WSO2 Summit London 2018: Delivering Business Value with WSO2
WSO2
 
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
WSO2
 
[WSO2Con EU 2017] Cloud-Native API Management
[WSO2Con EU 2017] Cloud-Native API Management[WSO2Con EU 2017] Cloud-Native API Management
[WSO2Con EU 2017] Cloud-Native API Management
WSO2
 
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
WSO2
 
Developing, Administering and Debugging with WSO2 Enterprise Integrator
Developing, Administering and Debugging with WSO2 Enterprise IntegratorDeveloping, Administering and Debugging with WSO2 Enterprise Integrator
Developing, Administering and Debugging with WSO2 Enterprise Integrator
WSO2
 
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
WSO2
 
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2
 
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2
 
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity ServerWSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2
 
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
WSO2
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
ForgeRock
 
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
WSO2
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2
 
McKesson Case Study
McKesson Case StudyMcKesson Case Study
McKesson Case Study
ForgeRock
 
WSO2 Enterprise Integrator 101
WSO2 Enterprise Integrator 101WSO2 Enterprise Integrator 101
WSO2 Enterprise Integrator 101
WSO2
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government
WSO2
 
API Management Building Blocks and Business value
API Management Building Blocks and Business valueAPI Management Building Blocks and Business value
API Management Building Blocks and Business value
WSO2
 
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity ManagementWSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
WSO2
 
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
WSO2
 

Contenu connexe

Tendances

WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2
 
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity ServerWSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government
WSO2
 
API Management Building Blocks and Business value
API Management Building Blocks and Business valueAPI Management Building Blocks and Business value
API Management Building Blocks and Business value
WSO2
 
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity ManagementWSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2
 

Tendances (20)

Observability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise IntegratorObservability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise Integrator
 
WSO2 Summit London 2018: Delivering Business Value with WSO2
WSO2 Summit London 2018: Delivering Business Value with WSO2WSO2 Summit London 2018: Delivering Business Value with WSO2
WSO2 Summit London 2018: Delivering Business Value with WSO2
 
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
[WSO2Con EU 2017] WHO CARES? A WSO2 Cloud Oriented Reference Architecture for...
 
[WSO2Con EU 2017] Cloud-Native API Management
[WSO2Con EU 2017] Cloud-Native API Management[WSO2Con EU 2017] Cloud-Native API Management
[WSO2Con EU 2017] Cloud-Native API Management
 
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
[WSO2Con EU 2017] From the Trenches: IoT Customer Stories
 
Developing, Administering and Debugging with WSO2 Enterprise Integrator
Developing, Administering and Debugging with WSO2 Enterprise IntegratorDeveloping, Administering and Debugging with WSO2 Enterprise Integrator
Developing, Administering and Debugging with WSO2 Enterprise Integrator
 
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
[WSO2Con EU 2017] Deriving Insights for Your Digital Business with Analytics
 
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
 
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital Connector
 
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity ServerWSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity Server
 
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
 
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
 
McKesson Case Study
McKesson Case StudyMcKesson Case Study
McKesson Case Study
 
WSO2 Enterprise Integrator 101
WSO2 Enterprise Integrator 101WSO2 Enterprise Integrator 101
WSO2 Enterprise Integrator 101
 
Seamless Integration of Data in E Government
Seamless Integration of Data in E Government Seamless Integration of Data in E Government
Seamless Integration of Data in E Government
 
API Management Building Blocks and Business value
API Management Building Blocks and Business valueAPI Management Building Blocks and Business value
API Management Building Blocks and Business value
 
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity ManagementWSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
WSO2Con USA 2017: Introduction to Security: End-to-End Identity Management
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
 

En vedette

Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
WSO2
 
Integração SAP com Plataformas 100% OpenSource
Integração SAP com Plataformas 100% OpenSourceIntegração SAP com Plataformas 100% OpenSource
Integração SAP com Plataformas 100% OpenSource
WSO2
 
Dealing with Common Data Requirements in Your Enterprise
Dealing with Common Data Requirements in Your EnterpriseDealing with Common Data Requirements in Your Enterprise
Dealing with Common Data Requirements in Your Enterprise
WSO2
 
Solution Architecture Patterns for Digital Transformation
Solution Architecture Patterns for Digital TransformationSolution Architecture Patterns for Digital Transformation
Solution Architecture Patterns for Digital Transformation
WSO2
 
2016 Year End Webinar - Are You Ready for Digital Transformation?
2016 Year End Webinar - Are You Ready for Digital Transformation?2016 Year End Webinar - Are You Ready for Digital Transformation?
2016 Year End Webinar - Are You Ready for Digital Transformation?
WSO2
 
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
WSO2
 

En vedette (8)

WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
 
Integração SAP com Plataformas 100% OpenSource
Integração SAP com Plataformas 100% OpenSourceIntegração SAP com Plataformas 100% OpenSource
Integração SAP com Plataformas 100% OpenSource
 
Java 8 ​and ​Best Practices
Java 8 ​and ​Best Practices Java 8 ​and ​Best Practices
Java 8 ​and ​Best Practices
 
Dealing with Common Data Requirements in Your Enterprise
Dealing with Common Data Requirements in Your EnterpriseDealing with Common Data Requirements in Your Enterprise
Dealing with Common Data Requirements in Your Enterprise
 
Solution Architecture Patterns for Digital Transformation
Solution Architecture Patterns for Digital TransformationSolution Architecture Patterns for Digital Transformation
Solution Architecture Patterns for Digital Transformation
 
2016 Year End Webinar - Are You Ready for Digital Transformation?
2016 Year End Webinar - Are You Ready for Digital Transformation?2016 Year End Webinar - Are You Ready for Digital Transformation?
2016 Year End Webinar - Are You Ready for Digital Transformation?
 
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
Soluciones para Mejorar la Toma de Decisiones, la Analítica en Tiempo Real y ...
 

Similaire à Addressing Security Concerns with WSO2 Governance Registry Policy Store

Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
Prolifics
 
Building a SaaS using WSO2 Stratos
Building a SaaS using WSO2 StratosBuilding a SaaS using WSO2 Stratos
Building a SaaS using WSO2 Stratos
WSO2
 
Enterprise Use Case Webinar - PaaS Metering and Monitoring
Enterprise Use Case Webinar - PaaS Metering and Monitoring Enterprise Use Case Webinar - PaaS Metering and Monitoring
Enterprise Use Case Webinar - PaaS Metering and Monitoring
WSO2
 
Data-As-A-Service to enable compliance reporting
Data-As-A-Service to enable compliance reportingData-As-A-Service to enable compliance reporting
Data-As-A-Service to enable compliance reporting
AnalyticsWeek
 
SOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationSOA Pattern : Policy Centralization
SOA Pattern : Policy Centralization
WSO2
 

Similaire à Addressing Security Concerns with WSO2 Governance Registry Policy Store (20)

Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
Leveraging Governance in the IBM WebSphere Service Registry and Repository fo...
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
 
Whitepaper: Software Defined Data Center – An Implementation view - Happiest ...
Whitepaper: Software Defined Data Center – An Implementation view - Happiest ...Whitepaper: Software Defined Data Center – An Implementation view - Happiest ...
Whitepaper: Software Defined Data Center – An Implementation view - Happiest ...
 
Building a SaaS using WSO2 Stratos
Building a SaaS using WSO2 StratosBuilding a SaaS using WSO2 Stratos
Building a SaaS using WSO2 Stratos
 
Enterprise Use Case Webinar - PaaS Metering and Monitoring
Enterprise Use Case Webinar - PaaS Metering and Monitoring Enterprise Use Case Webinar - PaaS Metering and Monitoring
Enterprise Use Case Webinar - PaaS Metering and Monitoring
 
Data-As-A-Service to enable compliance reporting
Data-As-A-Service to enable compliance reportingData-As-A-Service to enable compliance reporting
Data-As-A-Service to enable compliance reporting
 
Azure API Manegement Introduction and Integeration with BizTalk
Azure API Manegement Introduction and Integeration with BizTalkAzure API Manegement Introduction and Integeration with BizTalk
Azure API Manegement Introduction and Integeration with BizTalk
 
License Position Snapshot Service
License Position Snapshot ServiceLicense Position Snapshot Service
License Position Snapshot Service
 
Twin Cities IAM Meet Up - May 2014 - The latest in authorization trends and s...
Twin Cities IAM Meet Up - May 2014 - The latest in authorization trends and s...Twin Cities IAM Meet Up - May 2014 - The latest in authorization trends and s...
Twin Cities IAM Meet Up - May 2014 - The latest in authorization trends and s...
 
Qualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
 
SOA Pattern : Policy Centralization
SOA Pattern : Policy CentralizationSOA Pattern : Policy Centralization
SOA Pattern : Policy Centralization
 
SOX Cloud Criteria Cloud Hosted Accounting
SOX Cloud Criteria Cloud Hosted AccountingSOX Cloud Criteria Cloud Hosted Accounting
SOX Cloud Criteria Cloud Hosted Accounting
 
4. cloud procurement
4. cloud procurement4. cloud procurement
4. cloud procurement
 
Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day
 
20150113
2015011320150113
20150113
 
APAC Data centre Service Provider landscape - FrostIQ
APAC Data centre Service Provider landscape - FrostIQAPAC Data centre Service Provider landscape - FrostIQ
APAC Data centre Service Provider landscape - FrostIQ
 
Service Analysis And Design
Service Analysis And DesignService Analysis And Design
Service Analysis And Design
 
SCOM 2012 service SaaS
SCOM 2012 service SaaSSCOM 2012 service SaaS
SCOM 2012 service SaaS
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented Architecture
 
INTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specificationsINTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specifications
 

Plus de WSO2

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 

Plus de WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Dernier (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Addressing Security Concerns with WSO2 Governance Registry Policy Store

  • 1. Addressing Security Concerns with WSO2 Governance Registry as Policy Store Arudsothy  Sriragu   (S   rArudsothy Sriragu (Senior Software Engineer-WSO2 Governance Registry) & Eranda Sooriyabandara (Senior Software Engineer-WSO2 Governance Registry)  Engineer-­‐WSO2  Governance  Registry)   &   Eranda  Sooriyabandara   (Senior  Software  Engineer-­‐WSO2  Governance   Registry)  
  • 2. About WSO2 •  Providing the only complete open source componentized cloud platform –  Dedicated to removing all the stumbling blocks to enterprise agility –  Enabling you to focus on business logic and business value •  Recognized by leading analyst firms as visionaries and leaders –  Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure –  Forrester places WSO2 in top 2 for API Management •  Global corporation with offices in USA, UK & Sri Lanka –  200+ employees and growing •  Business model of selling comprehensive support & maintenance for our products
  • 3. 150+ globally positioned support customers
  • 4. Agenda }  Understanding the policy enforcement in SOA environment }  Why does a typical SOA enterprise need policy management }  Some terminologies used in policy enforcement }  How WSO2 Identity Server plays as XACML policy engine }  Run-time policy vs Design-time policy }  Demo - Sample usecase where WSO2 Governance Registry can be used as policy store }  Q&A
  • 5. Understand the policy enforcement in SOA environment }  A typical service oriented enterprise will have mainly three objects in interaction which are service consumers, services and resources }  How can a SOA environment control varies authorization level depends on the consumer type such as admin user, publisher level user, subscriber level user, login level user..etc. }  To address the above complexity SOA environment forced to have a varies type of policies. }  Therefore applying policies for SOA environment to control its activities during the service consumption or service design will be called as policy enforcement.
  • 6. Why a typical SOA enterprise need policy management }  To control authorization level among the users accessing the services in any typical SOA environment. }  Prevent Unauthorized access to the services must be prevented. }  Quality of service should be managed by service policy. Therefore SOA enterprise needs a policy management system. }  Giving the access to the correct version of the service based on the consumer type. It can be managed by a versioning policy. }  SOA enterprises need to enforce the policy to accept the content passed as payload in terms of encoding format.    
  • 7. Some terminologies used in policy enforcement }  PEP -it stands for policy enforcement point where the incoming request is received and authorization request will be generated and sent over to authorization engine. }  PIP - stands for policy information point where information about policy elements such as attribute value and meaning, resource information used in policy, environment in which the particular policy to be evaluated. }  PDP - stands for policy decision point where the authorization request is evaluated which has been sent by the PEP and decision is made whether to authorize or not. This point in general called as authorization engine since it is the decision maker for authorization request.
  • 8. Contd……… }  PAP - stands for policy administration point where the policy is managed. }  PRP - stands for policy retrieval point where the policy is stored and retrieved by authorization engine to evaluate against the incoming authorization request. }  WSO2 IS can be used as a PAP, PIP and PDP. }  WSO2 Governance Registry is used as PRP. }  WSO2 ESB can be used as PEP.
  • 9. How WSO2 Identity Server plays as XACML policy engine }  WSO2 IS uses the xacml policy based authorization. XACML stands for eXtensible access control markup language. }  WSO2 IS has the capability to play as a XACML based authorization engine. }  WSO2 IS makes decision based on the policy relevant to the request, in other word IS functions as policy decision point. }  WSO2 Identity Server (IS) makes authorization decision based on XACML request. }  IS returns it authorization response to the policy enforcement point with what action to be taken for the client request. Response will be allow or deny the access.
  • 10. Run-time policy vs Design-time policy }  Design time policies define the behavior of the service at the design time while the runtime policies define the behavior of the service at the runtime. }  Design time policies are enforced during the period when developer creates the services. For an example, WS-security to be used for security mechanisms. }  An example of runtime policy would be "Only users with admin role are allowed to update the resource A between 10 and 12 o'clock. This policy will be enforced and evaluated at the service invocation.
  • 11. Demo
  • 12. Demo
  • 13. Demo }  Client requests some resource via ESB proxy service. }  When the ESB receives the client request “entitlement mediator”[PEP] will generate the xacml request and call the WSO2 IS [PDP] “entitlement admin service” endpoint. }  WSO2 IS retrieves the policy stored in the Governance Registry and evaluates xacml request. WSO2 IS functions as xacml engine }  Depends on the decision made by the IS request will be processed further and returned the resource to the client or returned with an unauthorized message.
  • 14. References }  http://wso2.com/library/articles/2011/08/finegrained-authorization- restful-services-xacml }  http://wso2.com/library/articles/2011/10/understanding-xacml- policy-language-xacml-extended-assertion-markup-langue-part-1 }  http://blog.facilelogin.com/2009/06/guide-to-write-xacml-policies- in-wso2.html }  http://hasini-gunasinghe.blogspot.com/2011/12/entitlement- service-xacml-pdp-as-web.html }  http://blog.facilelogin.com/2009/05/identity-server-20-as-xacml- engine.html
  • 15. Questions and Answers        Q                  &                  A
  • 16. Engage with WSO2 •  Helping you get the most out of your deployments •  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success
  • 17. Engage with WSO2 •  Helping you get the most out of your deployments •  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success