SlideShare une entreprise Scribd logo

Access control patterns

WSO2
WSO2
BusinessTechnologie
1  sur  26
Télécharger pour lire hors ligne
Access  Control  Pa.erns  &  Prac0ces   with     WSO2  Middleware     Prabath  Siriwardena      
About  Me   •  Director  of  Security  Architecture  at  WSO2   •  Leads  WSO2  Iden8ty  Server  –  an  open  source  iden8ty  and   en8tlement  management  product.   •  Apache  Axis2/Rampart  commiCer  /  PMC   •  A  member  of  OASIS  Iden8ty  Metasystem  Interoperability   (IMI)  TC,  OASIS  eXtensible  Access  Control  Markup  Language   (XACML)  TC  and  OASIS  Security  Services  (SAML)  TC.   •  TwiCer  :  @prabath   •  Email  :  prabath@apache.org   •  Blog  :  hCp://blog.facilelogin.com   •  LinkedIn  :  hCp://www.linkedin.com/in/prabathsiriwardena    
     Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
    With the Discretionary Access Control, the user can be the owner of the data and at his discretion can transfer the rights to another user.
    With Mandatory Access Control, only designated users are allowed to grant rights and, users cannot transfer them.
    All WSO2 Carbon based products are based on Mandatory Access Control.
    Group is a collection of Users - while a Role is a collection of permissions.
    Authorization Table vs. Access Control Lists vs. Capabilities
    Authorization Table is a three column table with subject, action and resource.
With Access Control Lists, each resource is associated with a list, indicating, for each   subject, the actions that the subject can exercise on the resource.  
With Capabilities, each subject has an associated list, called capability list, indicating,   for each resource, the accesses that the user is allowed to exercise on the resource.  
    Access Control List is resource driven while capabilities are subject driven.
    With policy based access control we can have authorization policies with a fine granularity.
    Capabilities and Access Control Lists can be dynamically derived from policies.
    XACML is the de facto standard for policy based access control.
    XACML provides a reference architecture, a request response protocol and a policy language.
XACML  Reference  Architecture   Policy  Administra0on   Point  (PAP)   Policy  Decision  Point   (PDP)   Policy  Store   Policy  Enforcement  Point   (PEP)   Policy  Informa0on  Point   (PIP)  
WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (STS)   WSO2  Applica0on  Server   (SOAP  Service)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0ons  (Capabili0es)   SAML  token  request   Client  Applica0on   SAML  token  with   Authen0ca0on     and     Authoriza0on  Asser0on   +   Service  Request  
WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (SAML2  IdP)   WSO2  Applica0on  Server   (Web  Applica0on)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0on  (Capabili0es)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
Role  Based  Access  Control   WSO2  Applica0on  Server   (SOAP  Service)   Client  Applica0on   Service  Request  +  Creden0als   WSO2  ESB   (Policy  Enforcement   Point)   RBAC  
WSO2  ESB  as  the  XACML  PEP  (SOAP  and  REST)   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   WSO2  Applica0on  Server   (SOAP  Service)   XACML  Request   WSO2  ESB   (Policy  Enforcement   Point)   Client  Applica0on   Service  Request  +  Creden0als  
XACML  PEP  as  a  Servlet  Filter   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   XACML  Request   XACML    Servlet  Filter   Client  Applica0on   WSO2  Applica0on  Server   Service  Request  +  Creden0als  
OAuth  +  XACML   WSO2  Iden0ty  Server   (OAuth   Authoriza0on  Server)   XACML     Request   Validate()   XACML  Response   WSO2  Iden0ty  Server   (XACML  PDP)   API  Gateway   Access   Token   Client  Applica0on  
Authoriza0on  with  External  IdPs  (Role  Mapping)   WSO2  Iden0ty  Server   IdP   Groups   External  SAML2  IdP   (Salesforce)   SAML  token  with  Authen0ca0on     and  A.ribute  Asser0ons  with  IdP  groups   Web  App     roles   WSO2  Applica0on  Server   (Web  Applica0on)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
      Liferay  Portal                             XACML  Mul0ple  Decisions  and     Applica0on  Specific  Roles   XACML  Request   WSO2  Iden0ty  Server   (XAML  PDP)   XACML  Response   Login  
lean  .  enterprise  .  middleware  

Recommandé

Python で OAuth2 をつかってみよう!
Python で OAuth2 をつかってみよう!Python で OAuth2 をつかってみよう!
Python で OAuth2 をつかってみよう!Project Samurai
 
Phpcon2015
Phpcon2015Phpcon2015
Phpcon2015Hiroshi Tokumaru
 
PHP7で変わること ——言語仕様とエンジンの改善ポイント
PHP7で変わること ——言語仕様とエンジンの改善ポイントPHP7で変わること ——言語仕様とエンジンの改善ポイント
PHP7で変わること ——言語仕様とエンジンの改善ポイントYoshio Hanawa
 
OAuth 2.0の概要とセキュリティ
OAuth 2.0の概要とセキュリティOAuth 2.0の概要とセキュリティ
OAuth 2.0の概要とセキュリティHiroshi Hayakawa
 
ニュースパスのクローラーアーキテクチャとマイクロサービス
ニュースパスのクローラーアーキテクチャとマイクロサービスニュースパスのクローラーアーキテクチャとマイクロサービス
ニュースパスのクローラーアーキテクチャとマイクロサービスmosa siru
 
マイクロにしすぎた結果がこれだよ!
マイクロにしすぎた結果がこれだよ!マイクロにしすぎた結果がこれだよ!
マイクロにしすぎた結果がこれだよ!mosa siru
 
La méthode de gestion de projet agile.pdf
La méthode de gestion de projet agile.pdfLa méthode de gestion de projet agile.pdf
La méthode de gestion de projet agile.pdfanwermannai
 
マイクロサービスっぽい感じの話
マイクロサービスっぽい感じの話マイクロサービスっぽい感じの話
マイクロサービスっぽい感じの話Makoto Haruyama
 

Recommandé

Python で OAuth2 をつかってみよう!
Python で OAuth2 をつかってみよう!Python で OAuth2 をつかってみよう!
Python で OAuth2 をつかってみよう!Project Samurai
 
Phpcon2015
Phpcon2015Phpcon2015
Phpcon2015Hiroshi Tokumaru
 
PHP7で変わること ——言語仕様とエンジンの改善ポイント
PHP7で変わること ——言語仕様とエンジンの改善ポイントPHP7で変わること ——言語仕様とエンジンの改善ポイント
PHP7で変わること ——言語仕様とエンジンの改善ポイントYoshio Hanawa
 
OAuth 2.0の概要とセキュリティ
OAuth 2.0の概要とセキュリティOAuth 2.0の概要とセキュリティ
OAuth 2.0の概要とセキュリティHiroshi Hayakawa
 
ニュースパスのクローラーアーキテクチャとマイクロサービス
ニュースパスのクローラーアーキテクチャとマイクロサービスニュースパスのクローラーアーキテクチャとマイクロサービス
ニュースパスのクローラーアーキテクチャとマイクロサービスmosa siru
 
マイクロにしすぎた結果がこれだよ!
マイクロにしすぎた結果がこれだよ!マイクロにしすぎた結果がこれだよ!
マイクロにしすぎた結果がこれだよ!mosa siru
 
La méthode de gestion de projet agile.pdf
La méthode de gestion de projet agile.pdfLa méthode de gestion de projet agile.pdf
La méthode de gestion de projet agile.pdfanwermannai
 
マイクロサービスっぽい感じの話
マイクロサービスっぽい感じの話マイクロサービスっぽい感じの話
マイクロサービスっぽい感じの話Makoto Haruyama
 
JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要Shumpei Shiraishi
 
Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要Yui Ashikaga
 
FiNC DDD第一回勉強会
FiNC DDD第一回勉強会FiNC DDD第一回勉強会
FiNC DDD第一回勉強会裕紀 重村
 
Keycloakの最近のトピック
Keycloakの最近のトピックKeycloakの最近のトピック
Keycloakの最近のトピックHitachi, Ltd. OSS Solution Center.
 
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れOAuth 2.0による認可の流れ
OAuth 2.0による認可の流れTakeshi Mikami
 
XSS再入門
XSS再入門XSS再入門
XSS再入門Hiroshi Tokumaru
 
スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門Hisashi HATAKEYAMA
 
KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するHitachi, Ltd. OSS Solution Center.
 
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月Masahiro Nagano
 
08 préparer le pmp management des appro
08 préparer le pmp management des appro08 préparer le pmp management des appro
08 préparer le pmp management des approSAAD Mohamed, MBA,CISA, ITIL, PMP, ISO 27001 LA, CRISC
 
Introduction à Scrum
Introduction à ScrumIntroduction à Scrum
Introduction à ScrumGuillaume Bladier
 
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)NTT DATA Technology & Innovation
 
データ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCTデータ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCT@yuzutas0 Yokoyama
 
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015Toru Yamaguchi
 
Keycloakの動向
Keycloakの動向Keycloakの動向
Keycloakの動向Yuichi Nakamura
 
Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発Yuki Hattori
 
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)Altinity Ltd
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)都元ダイスケ Miyamoto
 
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版junichi anno
 
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message BrokerWSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message BrokerWSO2
 
Introducing the WSO2 Platform
Introducing the WSO2 PlatformIntroducing the WSO2 Platform
Introducing the WSO2 PlatformWSO2
 

Contenu connexe

Tendances

JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要Shumpei Shiraishi
 
Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要Yui Ashikaga
 
FiNC DDD第一回勉強会
FiNC DDD第一回勉強会FiNC DDD第一回勉強会
FiNC DDD第一回勉強会裕紀 重村
 
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れOAuth 2.0による認可の流れ
OAuth 2.0による認可の流れTakeshi Mikami
 
スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門Hisashi HATAKEYAMA
 
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月Masahiro Nagano
 
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)NTT DATA Technology & Innovation
 
データ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCTデータ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCT@yuzutas0 Yokoyama
 
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015Toru Yamaguchi
 
Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発Yuki Hattori
 
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)Altinity Ltd
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)都元ダイスケ Miyamoto
 
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版junichi anno
 

Tendances (20)

JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要JavaプログラマのためのWebSocket概要
JavaプログラマのためのWebSocket概要
 
Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要Virtual Machine Scale Sets 概要
Virtual Machine Scale Sets 概要
 
FiNC DDD第一回勉強会
FiNC DDD第一回勉強会FiNC DDD第一回勉強会
FiNC DDD第一回勉強会
 
Keycloakの最近のトピック
Keycloakの最近のトピックKeycloakの最近のトピック
Keycloakの最近のトピック
 
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れOAuth 2.0による認可の流れ
OAuth 2.0による認可の流れ
 
XSS再入門
XSS再入門XSS再入門
XSS再入門
 
スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門スマートフォン向けサービスにおけるサーバサイド設計入門
スマートフォン向けサービスにおけるサーバサイド設計入門
 
KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門する
 
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
メルカリのデータベース戦略 / PHPとMySQLの怖い話 MyNA会2015年8月
 
08 préparer le pmp management des appro
08 préparer le pmp management des appro08 préparer le pmp management des appro
08 préparer le pmp management des appro
 
Introduction à Scrum
Introduction à ScrumIntroduction à Scrum
Introduction à Scrum
 
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
Managed Service Provider(MSP)によるマルチOrganizations管理の裏側(Security JAWS 第24回 発表資料)
 
データ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCTデータ基盤の3分類と進化的データモデリング #DPCT
データ基盤の3分類と進化的データモデリング #DPCT
 
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
OAuth 2.0 Web Messaging Response Mode - OpenID Summit Tokyo 2015
 
Keycloakの動向
Keycloakの動向Keycloakの動向
Keycloakの動向
 
Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発Microsoft Graph APIを活用した社内アプリケーション開発
Microsoft Graph APIを活用した社内アプリケーション開発
 
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
New features in ProxySQL 2.0 (updated to 2.0.9) by Rene Cannao (ProxySQL)
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
クラスメソッドにおける Web API エンジニアリングの基本的な考え方と標準定義 - Developers.IO 2018 (2018-10-05)
 
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
Windows PowerShell によるWindows Server 管理の自動化 v4.0 2014.03.13 更新版
 

En vedette

WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message BrokerWSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message BrokerWSO2
 
Introducing the WSO2 Platform
Introducing the WSO2 PlatformIntroducing the WSO2 Platform
Introducing the WSO2 PlatformWSO2
 
Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform WSO2
 
The Role of Governance in Connecting Businesses
The Role of Governance in Connecting BusinessesThe Role of Governance in Connecting Businesses
The Role of Governance in Connecting BusinessesWSO2
 
The WSO2 Advantage for a Connected Business
The WSO2 Advantage for a Connected Business The WSO2 Advantage for a Connected Business
The WSO2 Advantage for a Connected Business WSO2
 
Introduction to the Connected Business
Introduction to the Connected Business Introduction to the Connected Business
Introduction to the Connected Business WSO2
 
Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformWSO2
 
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...WSO2
 
WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyWSO2
 
WSO2 Year End Tech Update Webinar
WSO2 Year End Tech Update Webinar WSO2 Year End Tech Update Webinar
WSO2 Year End Tech Update Webinar WSO2
 
Understanding the WSO2 Platform
Understanding the WSO2 PlatformUnderstanding the WSO2 Platform
Understanding the WSO2 PlatformWSO2
 

En vedette (12)

WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message BrokerWSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
 
Introducing the WSO2 Platform
Introducing the WSO2 PlatformIntroducing the WSO2 Platform
Introducing the WSO2 Platform
 
Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform
 
The Role of Governance in Connecting Businesses
The Role of Governance in Connecting BusinessesThe Role of Governance in Connecting Businesses
The Role of Governance in Connecting Businesses
 
The WSO2 Advantage for a Connected Business
The WSO2 Advantage for a Connected Business The WSO2 Advantage for a Connected Business
The WSO2 Advantage for a Connected Business
 
Introduction to the Connected Business
Introduction to the Connected Business Introduction to the Connected Business
Introduction to the Connected Business
 
Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
 
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
 
WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and Technology
 
WSO2 Year End Tech Update Webinar
WSO2 Year End Tech Update Webinar WSO2 Year End Tech Update Webinar
WSO2 Year End Tech Update Webinar
 
Understanding the WSO2 Platform
Understanding the WSO2 PlatformUnderstanding the WSO2 Platform
Understanding the WSO2 Platform
 

Similaire à Access control patterns

Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Kenneth Peeples
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialPrabath Siriwardena
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 
Uncovering XACML to solve real world business use cases
Uncovering XACML to solve real world business use cases Uncovering XACML to solve real world business use cases
Uncovering XACML to solve real world business use cases WSO2
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAmazon Web Services
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overviewguestf6dc99b
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management worldRed Hat
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...Amazon Web Services
 
Axiomatics webinar 13 june 2013 shared
Axiomatics webinar 13 june 2013 sharedAxiomatics webinar 13 june 2013 shared
Axiomatics webinar 13 june 2013 sharedFinn Frisch
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api ManagementSmartWave
 
Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Charlin Agramonte
 
Developing Web Services With Oracle Web Logic Server
Developing Web Services With Oracle Web Logic ServerDeveloping Web Services With Oracle Web Logic Server
Developing Web Services With Oracle Web Logic ServerGaurav Sharma
 
Wcf rest api introduction
Wcf rest api introductionWcf rest api introduction
Wcf rest api introductionHimanshu Desai
 
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database ProfessionalsIntroducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database ProfessionalsLucas Jellema
 

Similaire à Access control patterns (20)

Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
 
Oracle API Gateway
Oracle API GatewayOracle API Gateway
Oracle API Gateway
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server Tutorial
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 
Uncovering XACML to solve real world business use cases
Uncovering XACML to solve real world business use cases Uncovering XACML to solve real world business use cases
Uncovering XACML to solve real world business use cases
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overview
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access Control
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
 
Restful api
Restful apiRestful api
Restful api
 
Axiomatics webinar 13 june 2013 shared
Axiomatics webinar 13 june 2013 sharedAxiomatics webinar 13 june 2013 shared
Axiomatics webinar 13 june 2013 shared
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
 
Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5
 
Developing Web Services With Oracle Web Logic Server
Developing Web Services With Oracle Web Logic ServerDeveloping Web Services With Oracle Web Logic Server
Developing Web Services With Oracle Web Logic Server
 
Wcf rest api introduction
Wcf rest api introductionWcf rest api introduction
Wcf rest api introduction
 
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database ProfessionalsIntroducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
 

Plus de WSO2

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

Plus de WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Dernier

GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwaitdaisycvs
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSkajalroy875762
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...NadhimTaha
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165meghakumariji156
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannaBusinessPlans
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubaijaehdlyzca
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxCynthia Clay
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfwill854175
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxRoofing Contractor
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon investment
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Adnet Communications
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...pujan9679
 

Dernier (20)

GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 

Access control patterns

  • 1. Access  Control  Pa.erns  &  Prac0ces   with     WSO2  Middleware     Prabath  Siriwardena      
  • 2. About  Me   •  Director  of  Security  Architecture  at  WSO2   •  Leads  WSO2  Iden8ty  Server  –  an  open  source  iden8ty  and   en8tlement  management  product.   •  Apache  Axis2/Rampart  commiCer  /  PMC   •  A  member  of  OASIS  Iden8ty  Metasystem  Interoperability   (IMI)  TC,  OASIS  eXtensible  Access  Control  Markup  Language   (XACML)  TC  and  OASIS  Security  Services  (SAML)  TC.   •  TwiCer  :  @prabath   •  Email  :  prabath@apache.org   •  Blog  :  hCp://blog.facilelogin.com   •  LinkedIn  :  hCp://www.linkedin.com/in/prabathsiriwardena    
  • 3.      Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
  • 4.     With the Discretionary Access Control, the user can be the owner of the data and at his discretion can transfer the rights to another user.
  • 5.     With Mandatory Access Control, only designated users are allowed to grant rights and, users cannot transfer them.
  • 6.     All WSO2 Carbon based products are based on Mandatory Access Control.
  • 7.     Group is a collection of Users - while a Role is a collection of permissions.
  • 8.     Authorization Table vs. Access Control Lists vs. Capabilities
  • 9.     Authorization Table is a three column table with subject, action and resource.
  • 10. With Access Control Lists, each resource is associated with a list, indicating, for each   subject, the actions that the subject can exercise on the resource.  
  • 11. With Capabilities, each subject has an associated list, called capability list, indicating,   for each resource, the accesses that the user is allowed to exercise on the resource.  
  • 12.     Access Control List is resource driven while capabilities are subject driven.
  • 13.     With policy based access control we can have authorization policies with a fine granularity.
  • 14.     Capabilities and Access Control Lists can be dynamically derived from policies.
  • 15.     XACML is the de facto standard for policy based access control.
  • 16.     XACML provides a reference architecture, a request response protocol and a policy language.
  • 17. XACML  Reference  Architecture   Policy  Administra0on   Point  (PAP)   Policy  Decision  Point   (PDP)   Policy  Store   Policy  Enforcement  Point   (PEP)   Policy  Informa0on  Point   (PIP)  
  • 18. WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (STS)   WSO2  Applica0on  Server   (SOAP  Service)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0ons  (Capabili0es)   SAML  token  request   Client  Applica0on   SAML  token  with   Authen0ca0on     and     Authoriza0on  Asser0on   +   Service  Request  
  • 19. WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (SAML2  IdP)   WSO2  Applica0on  Server   (Web  Applica0on)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0on  (Capabili0es)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
  • 20. Role  Based  Access  Control   WSO2  Applica0on  Server   (SOAP  Service)   Client  Applica0on   Service  Request  +  Creden0als   WSO2  ESB   (Policy  Enforcement   Point)   RBAC  
  • 21. WSO2  ESB  as  the  XACML  PEP  (SOAP  and  REST)   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   WSO2  Applica0on  Server   (SOAP  Service)   XACML  Request   WSO2  ESB   (Policy  Enforcement   Point)   Client  Applica0on   Service  Request  +  Creden0als  
  • 22. XACML  PEP  as  a  Servlet  Filter   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   XACML  Request   XACML    Servlet  Filter   Client  Applica0on   WSO2  Applica0on  Server   Service  Request  +  Creden0als  
  • 23. OAuth  +  XACML   WSO2  Iden0ty  Server   (OAuth   Authoriza0on  Server)   XACML     Request   Validate()   XACML  Response   WSO2  Iden0ty  Server   (XACML  PDP)   API  Gateway   Access   Token   Client  Applica0on  
  • 24. Authoriza0on  with  External  IdPs  (Role  Mapping)   WSO2  Iden0ty  Server   IdP   Groups   External  SAML2  IdP   (Salesforce)   SAML  token  with  Authen0ca0on     and  A.ribute  Asser0ons  with  IdP  groups   Web  App     roles   WSO2  Applica0on  Server   (Web  Applica0on)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
  • 25.       Liferay  Portal                             XACML  Mul0ple  Decisions  and     Applica0on  Specific  Roles   XACML  Request   WSO2  Iden0ty  Server   (XAML  PDP)   XACML  Response   Login  
  • 26. lean  .  enterprise  .  middleware