An answer to your common XACML dilemmas


         Asela Pathberiya
         Senior Software Engineer
WSO2

    Founded in 2005 by acknowledged leaders in XML, Web
    Services Technologies & Standards and Open Source

    Produces an entire middleware platform, 100% open source
    under the Apache license

    Business model is to sell comprehensive support &
    maintenance for our products

    Venture funded by Intel Capital and Quest Software.

    Global corporation with offices in USA, UK & Sri Lanka

    150+ employees and growing
What are we going to cover

    What is XACML?

    Why is XACML important for your
    organization?

    What are the disadvantages of
    XACML?

     How can WSO2 Identity Server help
    you to overcome those disadvantages?
ETag Group




ETag group is a trading company, which is
 established in 2001.
Application System




ETag group deployed their 1st Application
 System in 2005.
Authentication




Application System included an authentication
 mechanism
Authentication




Some functions and data in the Application System
 must not be accessed by all employees in the
 company.
Therefore authentication is not enough..!!!
Authorization




ETag group wanted to build an authorization
 logic for their Application System.
Role Based Access Control (RBAC)




People who have the same set of privileges are put
into a role, and permissions are assigned to that role.
Role Based Access Control (RBAC)
Growth of ETag Group
Effect of company growth

    The number of Application Systems increased. Authorization
    logic had to be implemented for each application
    system.

    Authorization logic became more complex

    Authorization logic needed to be updated
    frequently

    Maintaining the authorization logic became a
    tricky task
Meeting




Decided to implement a new authorization system
ETag Common Authorization
            System (ECAS)


     Denis was asked to lead
    “ECAS” project


     “ECAS” project must fulfill
    following six requirements as
    decided in the board meeting.
Externalized




The authorization system is not bound to an application. Each
application must be able to query a single authorization
system for all authorization queries.
Policy based




Authorization logics can be modified frequently
 without any source code changes.
Standardized




Even business managers and external people must be
 aware of the technology which is used to design this.
Attribute Based




"X resource can be accessed by the Users who
  are from etag.com domain and whose age is not
  less than 18 years old"
Fine-grained




Need to achieve fine granularity without defining a
 large number of static combinations in the
 source code or database
Real Time




   “Can user Bob transfer X
     amount from current
     account Y between
     9.00am and 4.00pm?”

  Externalized

  Policy based

  Standardized

  Attribute based

  Fine-grained

  Dynamic

Authorization Solution
XACML



XACML stands for eXtensible Access Control
              Markup Language
A standard ratified by the OASIS
      standards organization




The first meeting 21st March 2001
XACML 1.0 - OASIS Standard – 6 February 2003
XACML 1.1 – Committee Specification – 7th August 2003
XACML 2.0 – OASIS Standard – 1 February 2005
XACML 3.0 – OASIS Standard – 10th Aug 2010
Policy language implemented using
               XML
Externalization is provided by
XACML Reference architecture
Attribute Based Access Control
            (ABAC)
Fine-grained authorization




Fine-grained authorization with a higher level of
  abstraction by means of policy sets, policies and
  rules.
Real time evaluation
XACML Implementation for ECAS

         Denis was really happy as he had
          found a solution for all the
          requirements


         Denis decided to start implementing
           a XACML-based authorization
          system for the ECAS project
Meeting
    “Denis, it is hard to implement a XACML
      solution from scratch”




“It is better to find an existing implementation and
   plug it into the ECAS project”
Meeting




“We need a closer look at XACML... Let's have a
review of it”
Disadvantages

    Performance of a XACML-based authorization system
    would be lower than that of the existing system

    Complexity of defining and managing XACML policies

    How to integrate current authorization logic into the new
    system as XACML policies.

    How to provide a standard interface to communicate
    with the PDP.

    PDP would be able to handle a larger number (10000
    -100000) of policies

    How to achieve reliability and high availability.

    Can XACML solutions support "What are the resources
    that Bob can access?"
XACML Implementations
An Open source XACML
              Implementation
"Open source XACML solution, WSO2 Identity Server. Just
  download and can run the PDP without any configuration.
  How fast is that..? I do not want to write mail asking for
  evaluation copies"




         "I can just write simple XACML policy and try this
 out... Nice web based UI. "
WSO2 Identity Server
WSO2 Identity Server
Performance bottleneck

     Performance would be lower than with
    traditional authorization systems.

    It is a trade-off for the advantages offered

     But the WSO2 Identity Server team has identified this
    performance bottleneck and has provided a
    solution that overcomes it to a great extent:
       Caching technologies
       Thrift protocol for PDP – PEP communication
Caching
Load Test Figures

    Environment
Intel(R) Xeon(R) CPU X3440 @ 2.53GHz processor, 4 GB RAM, OS -
   Debian 6.0 (64bit) - with a single instance of Identity Server
    [-Xms1024m -Xmx2024m -XX:MaxPermSize=1024m]

    Policy Complexity
L1: 10 rules per policy while one rule dealing with 1 attribute
L2: 100 rules per policy while one rule dealing with more than 10 attributes

    Requests
one million XACML requests.
XACML requests are randomly retrieved from a pool where 10 000 different
 requests are available

    Resources
http://people.wso2.com/~asela/xacml_load_test/
Load Test Result - Caching
Load Test Result - Thrift
Complexity of defining and
    managing XACML policies




Web based UI as PAP for defining and managing
 XACML policies.
XACML Policy Editors




Two policy editors, Basic and Advance.
Integrating current authorization
             logics
Standard interface for PDP and PAP




All PDP and PAP functionality has been exposed
  as Web services
Handling large number of policies





  Policy distribution

  On demand Policy Loading
Reliability and High Availability




           PDP clustering
Listing entitled resources for user
What we discussed Today


     Identified XACML as a standard way of
    implementing authorization

     How XACML answers the authorization
    requirements of your organization

    What are the negative points of XACML

    How WSO2 Identity Server has provided an
    answer for them
References

www.oasis-open.org/committees/xacml


http://xacmlinfo.com/


http://blog.facilelogin.com
Q and A
Customers
WSO2 Engagement Model
QuickStart
Development
  Support
Development
  Services
Production
  Support
Turnkey Solutions
WSO2 Mobile Services Solution
WSO2 FIX Gateway Solution
WSO2 SAP Gateway Solution
Thank You...!!!
Contact Us…
bizdev@wso2.com

 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Dernier (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

The WSO2 Identity Server - An answer to your common XACML dilemmas

  • 1. An answer to your common XACML dilemmas. Asela Pathberiya, Senior Software Engineer
  • 2. WSO2
      • Founded in 2005 by acknowledged leaders in XML, Web Services Technologies & Standards and Open Source
      • Producing an entire middleware platform, 100% open source under the Apache license
      • Business model is to sell comprehensive support & maintenance for our products
      • Venture funded by Intel Capital and Quest Software
      • Global corporation with offices in USA, UK & Sri Lanka
      • 150+ employees and growing
  • 3. What are we going to cover
      • What is XACML?
      • Why is XACML important for your organization?
      • What are the disadvantages of XACML?
      • How can WSO2 Identity Server help you to overcome those disadvantages?
  • 4. ETag Group: ETag Group is a trading company that was established in 2001.
  • 5. Application System: ETag Group deployed their 1st Application System in 2005.
  • 6. Authentication: The Application System included an authentication mechanism.
  • 7. Authentication: Some functions and data in the Application System must not be accessed by all employees in the company. Therefore authentication is not enough..!!!
  • 8. Authorization: ETag Group wanted to build authorization logic for their Application System.
  • 9. Role Based Access Control (RBAC): People who have the same set of privileges are put into a role, and permissions are assigned to that role.
  • 10. Role Based Access Control (RBAC)
  • 11. Growth of ETag Group: Effect of company growth
      • The number of Application Systems increased. Authorization logic had to be implemented for each application system.
      • Authorization logic became more complex
      • Authorization logic needed to be updated frequently
      • Maintaining the authorization logic became a tricky task
  • 12. Meeting: Decided to implement a new authorization system
  • 13. ETag Common Authorization System (ECAS)
      • Denis was asked to lead the “ECAS” project
      • The “ECAS” project must fulfill the following six requirements, as decided in the board meeting.
  • 14. Externalized: The authorization system is not bound to an application. Each application must be able to query a single authorization system for all authorization queries.
  • 15. Policy based: Authorization logic can be modified frequently without any source code changes.
  • 16. Standardized: Even business managers and external people must be aware of the technology which is used to design this.
  • 17. Attribute Based: “X resource can be accessed by the Users who are from etag.com domain and whose age is not less than 18 years old”
  • 18. Fine-grained: Need to achieve fine-grained authorization without defining a large number of static combinations in the source code or database.
  • 19. Real Time: “Can user, Bob transfer X amount from current account Y between 9.00am to 4.00pm”
  • 20. Externalized; Policy based; Standardized; Attribute based; Fine-grained; Dynamic Authorization Solution
  • 22. XACML: XACML stands for eXtensible Access Control Markup Language
  • 23. Standard ratified by the OASIS standards organization
      • The first meeting: 21st March 2001
      • XACML 1.0 – OASIS Standard – 6 February 2003
      • XACML 1.1 – Committee Specification – 7th August 2003
      • XACML 2.0 – OASIS Standard – 1 February 2005
      • XACML 3.0 – OASIS Standard – 10th Aug 2010
  • 25. Externalization is provided by the XACML reference architecture
  • 26. Attribute Based Access Control (ABAC)
  • 27. Fine-grained authorization: Fine-grained authorization with a higher level of abstraction by means of policy sets, policies and rules.
  • 29. XACML Implementation for ECAS
      • Denis was really happy as he found the solution for all requirements
      • Denis thought of starting to implement an XACML-based authorization system for the ECAS project
  • 30. Meeting: “Denis, it is hard to implement an XACML solution from scratch” “It is better to find an existing implementation and plug it into the ECAS project”
  • 31. Meeting: “We need a closer look at XACML... Let's have a review of it”
  • 32. Disadvantages
      • Performance of an XACML-based authorization system would be lower than that of the existing system
      • Complexity of defining and managing XACML policies
      • How to integrate current authorization logic into the new system as XACML policies
      • How to provide a standard interface to communicate with the PDP
      • Whether the PDP would be able to handle a larger number (10000 - 100000) of policies
      • How to achieve reliability and high availability
      • Can XACML solutions support “What are the resources that Bob can access?”
  • 34. An Open source XACML Implementation: “Open source XACML solution, WSO2 Identity Server. Just download and run the PDP without any configuration. How fast is that..? I do not want to write mail asking for evaluation copies” “I can just write a simple XACML policy and try this out... Nice web-based UI.”
  • 37. Performance bottleneck
      • There would be less performance than with traditional authorization systems.
      • It is a trade-off for the advantages offered
      • But the WSO2 Identity Server team has identified this performance bottleneck and has provided a solution to overcome it to a great extent:
          • Caching technologies
          • Thrift protocol for PDP – PEP communication
  • 39. Load Test Figures
      • Environment: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz processor, 4 GB RAM, OS - Debian 6.0 (64bit), with a single instance of Identity Server [-Xms1024m -Xmx2024m -XX:MaxPermSize=1024m]
      • Policy Complexity
          • L1: 10 rules per policy, with each rule dealing with 1 attribute
          • L2: 100 rules per policy, with each rule dealing with more than 10 attributes
      • Requests: one million XACML requests. XACML requests are randomly retrieved from a pool where 10 000 different requests are available
      • Resources: http://people.wso2.com/~asela/xacml_load_test/
  • 40. Load Test Result - Caching
  • 41. Load Test Result - Thrift
  • 42. Complexity of defining and managing XACML policies: Web-based UI as PAP for defining and managing XACML policies.
  • 43. XACML Policy Editors: Two policy editors, Basic and Advance.
  • 45. Standard interface for PDP and PAP: All PDP and PAP functionality has been exposed as Web services
  • 46. Handling a large number of policies
      • Policy distribution
      • On-demand policy loading
  • 47. Reliability and High Availability: PDP clustering
  • 51. What we discussed Today
      • Identified XACML as a standard way of implementing authorization
      • How XACML answers the authorization requirements of your organization
      • What are the negative points of XACML
      • How WSO2 Identity Server has provided an answer for them
  • 55. WSO2 Engagement Model
      • QuickStart
      • Development Support
      • Development Services
      • Production Support
      • Turnkey Solutions
      • WSO2 Mobile Services Solution
      • WSO2 FIX Gateway Solution
      • WSO2 SAP Gateway Solution
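
Slides 17 and 19 state two attribute-based rules, and slide 32 asks whether a "what can Bob access?" query is possible. The following added example (not from the slides and not WSO2 Identity Server code) evaluates both rules with XACML's four decision values and first-applicable combining, and answers the reverse query by asking the decision function about each candidate. The attribute names, the resource identifiers, the catch-all Deny rule and the sample requests are assumptions constructed for illustration.

```python
from datetime import time

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

class MissingAttribute(Exception):
    """A rule needed an attribute that the request did not carry."""

def attr(request, name):
    if name not in request:
        raise MissingAttribute(name)
    return request[name]

# Ordered rules: target selects the requests a rule covers, condition gates its effect.
# Attribute names and resource ids are assumptions made for this example.
RULES = [
    {   # slide 17: etag.com users aged 18 or more may access resource X
        "target": lambda r: attr(r, "resource") == "X",
        "condition": lambda r: attr(r, "email").endswith("@etag.com")
                               and attr(r, "age") >= 18,
        "effect": PERMIT,
    },
    {   # slide 19: transfers from account Y only between 9.00am and 4.00pm
        "target": lambda r: attr(r, "resource") == "account-Y"
                            and attr(r, "action") == "transfer",
        "condition": lambda r: time(9, 0) <= attr(r, "time") <= time(16, 0),
        "effect": PERMIT,
    },
    {   # catch-all so that an unmatched request gets an explicit Deny
        "target": lambda r: True,
        "condition": lambda r: True,
        "effect": DENY,
    },
]

def evaluate_rule(rule, request):
    try:
        if not rule["target"](request):
            return NOT_APPLICABLE
        return rule["effect"] if rule["condition"](request) else NOT_APPLICABLE
    except MissingAttribute:
        return INDETERMINATE  # cannot decide: a required attribute is absent

def decide(request, rules=RULES):
    """First-applicable combining: the first rule that is not NotApplicable wins."""
    for rule in rules:
        result = evaluate_rule(rule, request)
        if result != NOT_APPLICABLE:
            return result
    return NOT_APPLICABLE

def pep_allows(request):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return decide(request) == PERMIT

def entitled_resources(subject, candidates):
    """Slide 32's reverse query, answered by asking the PDP about each candidate."""
    return [c["resource"] for c in candidates if pep_allows({**subject, **c})]
```

A request with a missing `age` yields Indeterminate rather than Permit, and the deny-biased enforcement point refuses it, so an incomplete attribute set cannot widen access.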