Sunday, July 22, 2012

Providing XACML Fine Grained Authorization to WebApps : Using WSO2 Identity Server - Part 1

What is XACML Fine Grained Authorization?

When we talk about a resource (here the resource is a webapp hosted in WSO2 Application Server, Apache Tomcat, etc.), we have to talk about the authorization of the users who use that resource. That means some users are authorized to use the resource and some are not. So what is meant by fine grained authorization? Traditionally, a user's authorization for a resource is decided by the user, the resource and the action the user performs on the resource. But if we can provide authorization based on the user, the resource, the action the user performs on the resource, the environment, the time, the user's role, etc., that is fine grained authorization. We use more details of the scenario to decide the authorization of the user. For example, suppose there is a requirement like this: "This document can be edited only by AndunSLG, who is a Teacher, and between 8am to 10am at the school office premises". The given requirement is a fine grained authorization requirement.
To evaluate such a requirement against a user's request, we have to document those fine grained authorization requirements. These documents are called policies. XACML is used to document these kinds of policies. We can evaluate users' requests against these XACML policies using a XACML engine.
We can use WSO2 Identity Server for this requirement. It has a XACML policy engine where users can evaluate their requests. It also provides many functionalities related to XACML authorization. At the end I have given a lot of references where you can learn about XACML.
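
To make the difference concrete, here is an added example (not code from this post, from WSO2 Identity Server, or from a XACML engine) that evaluates the document-editing requirement above in a simplified Python model. The attribute names, the `school-office` location value and the helper functions are assumptions made for illustration.

```python
from datetime import time

# Policy for the requirement above: the document may be edited only by
# AndunSLG, a Teacher, between 8am and 10am, at the school office premises.
# Attribute names and values are illustrative, not taken from a real policy.
POLICY = {
    "target": {"resource-id": "document", "action-id": "edit"},
    "subject": {"subject-id": "AndunSLG", "role": "Teacher"},
    "environment": {"location": "school-office"},
    "time_window": (time(8, 0), time(10, 0)),
}

def coarse_decision(request):
    """Traditional check: only user, resource and action are considered."""
    ok = (request["subject"].get("subject-id") == POLICY["subject"]["subject-id"]
          and request["resource"].get("resource-id") == POLICY["target"]["resource-id"]
          and request["action"].get("action-id") == POLICY["target"]["action-id"])
    return "Permit" if ok else "Deny"

def fine_grained_decision(request, policy=POLICY):
    """Return Permit, Deny, or NotApplicable when the target does not match."""
    target = policy["target"]
    if (request.get("resource", {}).get("resource-id") != target["resource-id"]
            or request.get("action", {}).get("action-id") != target["action-id"]):
        return "NotApplicable"
    subject = request.get("subject", {})
    env = request.get("environment", {})
    # A missing attribute compares unequal, so it can never lead to Permit.
    if any(subject.get(k) != v for k, v in policy["subject"].items()):
        return "Deny"
    if any(env.get(k) != v for k, v in policy["environment"].items()):
        return "Deny"
    now = env.get("current-time")
    start, end = policy["time_window"]
    if now is None or not (start <= now <= end):
        return "Deny"
    return "Permit"

def make_request(user, role, action, at, location, resource="document"):
    """Build a constructed sample request with the four attribute groups."""
    return {
        "subject": {"subject-id": user, "role": role},
        "resource": {"resource-id": resource},
        "action": {"action-id": action},
        "environment": {"current-time": at, "location": location},
    }
```

A request from AndunSLG at 11:00 is permitted by `coarse_decision` but denied by `fine_grained_decision`, which is the gap the extra attributes close.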

References,

XACML Policy Language
WSO2 Identity Server
