Addressing Security Concerns with WSO2
Governance Registry as Policy Store
Arudsothy Sriragu
(Senior Software Engineer - WSO2 Governance Registry)
&
Eranda Sooriyabandara
(Senior Software Engineer - WSO2 Governance Registry)
About WSO2
•  Providing the only complete open source componentized cloud
platform
–  Dedicated to removing all the stumbling blocks to enterprise agility
–  Enabling you to focus on business logic and business value
•  Recognized by leading analyst firms as visionaries and leaders
–  Gartner cites WSO2 as visionaries in all 3 categories of application
infrastructure
–  Forrester places WSO2 in top 2 for API Management
•  Global corporation with offices in USA, UK & Sri Lanka
–  200+ employees and growing
•  Business model of selling comprehensive support &
maintenance for our products
150+ globally positioned support customers
Agenda
}  Understanding the policy enforcement in SOA environment
}  Why does a typical SOA enterprise need policy management
}  Some terminologies used in policy enforcement
}  How WSO2 Identity Server plays as XACML policy engine
}  Run-time policy vs Design-time policy
}  Demo - Sample use case where WSO2 Governance Registry can
be used as policy store
}  Q&A
Understanding policy enforcement in a SOA environment
}  A typical service-oriented enterprise has mainly three kinds of
objects in interaction: service consumers, services and resources.
}  How can a SOA environment control varying authorization levels
depending on the consumer type, such as admin user, publisher-level
user, subscriber-level user, login-level user, etc.?
}  To address this complexity, a SOA environment is forced to have
various types of policies.
}  Applying policies in a SOA environment to control its activities
during service consumption or service design is therefore called
policy enforcement.
Why a typical SOA enterprise needs policy management
}  To control the authorization level among the users accessing the
services in any typical SOA environment.
}  Unauthorized access to the services must be prevented.
}  Quality of service should be managed by a service policy.
Therefore a SOA enterprise needs a policy management system.
}  Giving access to the correct version of a service based on the
consumer type; this can be managed by a versioning policy.
}  SOA enterprises need to enforce a policy on the encoding format
of the content passed as payload.
Some terminologies used in policy enforcement
}  PEP - stands for policy enforcement point, where the incoming
request is received and an authorization request is generated and
sent to the authorization engine.
}  PIP - stands for policy information point, which supplies
information about policy elements such as attribute values and their
meaning, resource information used in the policy, and the environment
in which the particular policy is to be evaluated.
}  PDP - stands for policy decision point, where the authorization
request sent by the PEP is evaluated and the decision is made whether
to authorize or not. This point is generally called the authorization
engine since it is the decision maker for the authorization request.
Contd.
}  PAP - stands for policy administration point, where the policy is
managed.
}  PRP - stands for policy retrieval point, where the policy is stored
and retrieved by the authorization engine to evaluate against the
incoming authorization request.
}  WSO2 IS can be used as a PAP, PIP and PDP.
}  WSO2 Governance Registry is used as the PRP.
}  WSO2 ESB can be used as the PEP.
How WSO2 Identity Server plays as XACML policy engine
}  WSO2 IS uses XACML policy-based authorization. XACML stands for
eXtensible Access Control Markup Language.
}  WSO2 IS has the capability to act as a XACML-based
authorization engine.
}  WSO2 IS makes its decision based on the policy relevant to the
request; in other words, IS functions as the policy decision point.
}  WSO2 Identity Server (IS) makes the authorization decision based on
the XACML request.
}  IS returns its authorization response to the policy enforcement
point with the action to be taken for the client request. The response
will allow or deny access.
Run-time policy vs Design-time policy
}  Design-time policies define the behavior of the service at design
time, while runtime policies define the behavior of the service at
runtime.
}  Design-time policies are enforced during the period when the
developer creates the services. For example, WS-Security to be used
as the security mechanism.
}  An example of a runtime policy would be "Only users with admin
role are allowed to update the resource A between 10 and 12
o'clock." This policy is enforced and evaluated at service
invocation.
Demo
}  The client requests some resource via an ESB proxy service.
}  When the ESB receives the client request, the “entitlement
mediator” [PEP] generates the XACML request and calls the
WSO2 IS [PDP] “entitlement admin service” endpoint.
}  WSO2 IS retrieves the policy stored in the Governance Registry
and evaluates the XACML request. WSO2 IS functions as the XACML
engine.
}  Depending on the decision made by the IS, the request is either
processed further and the resource returned to the client, or
returned with an unauthorized message.
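The runtime policy from the earlier slide ("only admin users may update resource A between 10 and 12 o'clock") written as a XACML 3.0 policy, together with a toy evaluator that plays the PDP's part in the demo flow above: the PEP's attributes come in as the request, the policy XML is the artifact a PRP such as Governance Registry would hold, and Permit/Deny/NotApplicable goes back. This is an added example, not code from the slides or from WSO2's products; the role attribute id is assumed to be WSO2 IS's role claim URI, the resource and role values are constructed, and the evaluator implements only the XACML functions this one policy uses.

```python
"""Toy XACML 3.0 PDP: evaluates the slides' runtime policy against a request.
Constructed example, not WSO2 code; only the functions this policy uses exist."""
import xml.etree.ElementTree as ET
from datetime import time

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
XS = "http://www.w3.org/2001/XMLSchema#"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RES = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
ROLE_ATTR = "http://wso2.org/claims/role"   # assumed: WSO2 IS role claim URI

# Constructed policy for "Only users with admin role are allowed to update
# resource A between 10 and 12 o'clock".  In the demo this XML is what the
# PRP (Governance Registry) stores and the PDP (Identity Server) loads.
POLICY_XML = f"""<Policy xmlns="{NS['x']}" PolicyId="resourceA-update" Version="1.0"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
 <Target><AnyOf><AllOf>
  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
   <AttributeValue DataType="{XS}string">resourceA</AttributeValue>
   <AttributeDesignator Category="{RES}" DataType="{XS}string" MustBePresent="false"
    AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
  </Match></AllOf></AnyOf></Target>
 <Rule RuleId="admin-update-10-12" Effect="Permit">
  <Target><AnyOf><AllOf>
   <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="{XS}string">admin</AttributeValue>
    <AttributeDesignator Category="{SUBJ}" DataType="{XS}string" MustBePresent="false"
     AttributeId="{ROLE_ATTR}"/>
   </Match>
   <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="{XS}string">update</AttributeValue>
    <AttributeDesignator Category="{ACT}" DataType="{XS}string" MustBePresent="false"
     AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
   </Match></AllOf></AnyOf></Target>
  <Condition><Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
    <AttributeDesignator Category="{ENV}" DataType="{XS}time" MustBePresent="false"
     AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
   </Apply>
   <AttributeValue DataType="{XS}time">10:00:00</AttributeValue>
   <AttributeValue DataType="{XS}time">12:00:00</AttributeValue>
  </Apply></Condition>
 </Rule>
</Policy>"""


def _values(request, des):
    """Resolve a designator to the request's attribute bag (the PIP's role)."""
    return request.get((des.get("Category"), des.get("AttributeId")), [])

def _match(request, match):
    """string-equal Match: true if any value in the bag equals the literal."""
    literal = match.find("x:AttributeValue", NS).text
    return literal in _values(request, match.find("x:AttributeDesignator", NS))

def _target_matches(request, target):
    """Target is OR over AnyOf, AND over Match inside each AllOf; empty = match."""
    anyofs = [] if target is None else target.findall("x:AnyOf", NS)
    return not anyofs or any(
        all(_match(request, m) for m in allof.findall("x:Match", NS))
        for anyof in anyofs for allof in anyof.findall("x:AllOf", NS))

def _condition_holds(request, cond):
    """Only time-in-range(time-one-and-only(designator), lo, hi) is supported."""
    if cond is None:
        return True
    apply_ = cond.find("x:Apply", NS)
    if not apply_.get("FunctionId").endswith(":function:time-in-range"):
        raise NotImplementedError(apply_.get("FunctionId"))
    bag = _values(request, apply_.find("x:Apply/x:AttributeDesignator", NS))
    if len(bag) != 1:          # time-one-and-only: bag must hold exactly one value
        return False
    lo, hi = (time.fromisoformat(v.text)
              for v in apply_.findall("x:AttributeValue", NS))
    return lo <= time.fromisoformat(bag[0]) <= hi

def evaluate(policy_xml, request):
    """PDP: return Permit, Deny or NotApplicable under deny-unless-permit.
    `request` maps (category, attribute-id) -> list of string values."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(request, policy.find("x:Target", NS)):
        return "NotApplicable"       # policy is not about this resource
    for rule in policy.findall("x:Rule", NS):
        if (rule.get("Effect") == "Permit"
                and _target_matches(request, rule.find("x:Target", NS))
                and _condition_holds(request, rule.find("x:Condition", NS))):
            return "Permit"
    return "Deny"                    # no permitting rule fired

def build_request(roles, resource, action, current_time):
    """The attributes a PEP (the ESB entitlement mediator) puts in its request."""
    return {(SUBJ, ROLE_ATTR): list(roles),
            (RES, "urn:oasis:names:tc:xacml:1.0:resource:resource-id"): [resource],
            (ACT, "urn:oasis:names:tc:xacml:1.0:action:action-id"): [action],
            (ENV, "urn:oasis:names:tc:xacml:1.0:environment:current-time"): [current_time]}
```

Calling `evaluate(POLICY_XML, build_request(["admin"], "resourceA", "update", "11:30:00"))` yields Permit, the same admin at 14:00 gets Deny, and a request for a different resource gets NotApplicable, which a PEP must treat as a denial rather than a pass.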
Questions and Answers
Engage with WSO2
•  Helping you get the most out of your deployments
•  From project evaluation and inception to development
and going into production, WSO2 is your partner in
ensuring 100% project success