UNIVERSITY OF MORATUWA

                         Faculty of Engineering

              Non-GPA Module 399: Industrial Training

                         TRAINING REPORT



Field                      : Computer Science and Engineering

Name                       : M.K.P.R. Jayawardhana

Registration Number        : 080201N

Training Establishment     : WSO2 Lanka (pvt) Ltd

Training Period             : (28.02.2011 -24.06.2011) – (12.08.2011-23.09.2011)

Date of Submission         : 01.10.2011

PREFACE

This document is presented at the end of the internship period I had from 28th February 2011 –
23rd September 2011 at WSO2 Lanka (pvt) Ltd, No. 59, Flower Road, Colombo 07 as a trainee
software engineer. The document is arranged into three main chapters that present different
aspects of the training I got. This contains basic information about the establishment and deep
information on the training I received and my personal views on the internship period
considering the whole experience.

The first chapter is dedicated to the information on the training establishment. Without having a
good understanding about the functionalities of the company, the procedures, organization
hierarchy and structure it is difficult to move comfortably with the staff and get things done in
the correct way. To give my maximum contribution while learning from the company I have to
have a good understanding of the business the company is involved in and the technologies and
development standards and models they follow. With all these, this chapter also includes my
personal score on the current performance of WSO2.

The second chapter is totally dedicated to the experience I had in the internship period. This
includes all the technical work I was exposed to, as well as the non-technical experiences. This
describes how I completed the tasks I was given and how I resolved the difficulties I came across
while doing them. In explaining the tasks, the implementations are mostly described using
diagrams, which I feel is the best way to present them, and samples that I actually used for
testing purposes are given at relevant places together with their outcomes. This technical section
describes in detail the functionality of the Entitlement handler and the implementation of SAML
to XACML in the WSO2 Identity Server, with an introduction to the tools I used and the security
concepts I got familiar with while doing that. The technologies I got exposed to are also discussed
with what I have learnt from them. The non-technical experiences such as trips and WSO2Con-2011
are described considering the great effects they had on building up a professional personality
within me and on getting to know more of the staff, company and industry practices.

In the third chapter, I have discussed the effectiveness of and my personal feelings towards the
training as a whole. It also provides a personal assessment of my own experience and of the whole
industrial training programme from the co-ordination to the end, with suggestions to improve.

ACKNOWLEDGEMENTS

At the very beginning of this report on my work in the internship period, it's my privilege to
thank the people who contributed to make it such a great experience for my life. If not for their
support, from arranging training establishment selections to successful completion of the
24 weeks, it would not have been this effective.

I heartily thank Ms. Vishakha Nanayakkara, the former Head of Department, Computer
Science and Engineering, University of Moratuwa for the immense effort taken to provide us
with the best training establishments. Also the guidance given on how to extract the value of this
internship period was invaluable. Also I am so grateful to Dr. Malaka Walpola, the Industrial
Training Coordinator, for the huge commitment shown in making sure each and every student
got a training establishment. The support given by resolving our selections, organizing mock
interviews, coordinating with the industry and giving friendly guidance whenever needed is
incomparably great.

Also I must thank all the members of the Industrial Training Division of the University of
Moratuwa and NAITA (National Apprentice and Industrial Training Authority) for guiding us from
the very beginning and for the work carried out throughout our internship period to make it a
success, giving us a complete experience in the industry.

I am so grateful to Dr. Sanjiva Weerawarana, Founder, Chairman and CEO of WSO2 for giving
us this invaluable opportunity to learn in an internationally recognized company within a friendly
environment. Then I would like to thank Mr. Supun Kamburugamuva, Technical Lead and Mr.
Selvaratnam Uthaiyashankar who interviewed me and recommended me for the internship at
WSO2. Also I am thankful to Mr. Samisa Abeysinghe, VP of Engineering, for the guidance given
on how to improve and proceed using the resources provided and for giving us the opportunity to
feel the beauty of a technical career by giving appropriate responsibilities. I am thankful to Ms.
Udeshika Ratnavira, Senior Manager, Administration and HR, for the friendly support given in
any issue I came up with. The work done in coordination with the university and in making us a
part of the WSO2 family is really appreciated.




I am very grateful to the IS (Identity Server) team for all the support given throughout my
stay at WSO2. I specially thank Mr. Asela Pathberiya, Senior Software Engineer, my assigned
mentor, for the immense support and guidance given in completing any task given to me.
I highly appreciate the support given at any time, in spite of the busy schedules, and am so
grateful for the kind clarifications given whenever I was stuck. Also I am thankful to Mr. Prabath
Siriwardena, Architect & Product Manager – Carbon Platform & Security, for the great selection of
work assigned to me. The flow of work assigned to me was well organized so that I could grow step
by step. I am thankful to the whole IS team including Mr. Thilina Buddhika and Ms. Hasini
Ganasinghe for the friendly environment and support given throughout my internship period.

I am thankful to each and every member of the WSO2 family in technical, non-technical and
support staff, for the friendly environment provided and for being a helping hand whenever
needed. I did not have to worry about any technical or non-technical issue, as there was always
someone I could get help from or ask for guidance.

Thank you very much everyone for making this internship period such a fruitful experience for
my life, widening my horizons!




Table of Contents


1     Introduction to the Training Establishment

1.1         WSO2 Incorporated
1.2         Evolution of WSO2
1.3         WSO2 Vision
    1.3.1      Reinvent the Technology
    1.3.2      Reinvent the Business Relationship
    1.3.3      Reinvent the Support Model
    1.3.4      Create a Great Place to Work
1.4         WSO2 Business Model
    1.4.1      Support and Service model
1.5         Organizational Structure
    1.5.1      Employee Hierarchy
    1.5.2      Communication
    1.5.3      The WSO2 Team
1.6         WSO2 Products and Services
1.7         Performance of WSO2
    1.7.1      Strengths
    1.7.2      Weaknesses
    1.7.3      Service to Sri Lankan Society
1.8         Suggestions to Improve

2     Training Experience

2.1         Joining WSO2 Family
2.2         Induction
2.3         Development Environment
2.4         Hands on Ws – Security
    2.4.1      Sample Client for IS
    2.4.2      Entitlement Handler
2.5         Implement SAML to XACML
2.6         Other Technical Experiences
    2.6.1      Apache Team
    2.6.2      Training Sessions
2.7         Other Non – Technical Experiences
    2.7.1      Demonstration
    2.7.2      WSO2 Annual Trip
    2.7.3      Sports, Entertainment and other activities
2.8         WSO2Con – 2011

3     Conclusion

3.1         Importance of Industrial Training
3.2         Satisfaction
3.3         WSO2 as a Training Establishment
3.4         Overall Training Programme
List of Figures


Figure 1.1 WSO2 Company Logo
Figure 1.2 Employee Hierarchy
Figure 2.1 Entitlement Handler Structure
Figure 2.2 Inside .mar file Entitlement Handler
Figure 2.3 Flow of secured server to server communication
Figure 2.4 The Structure of the XACMLAuthzDecisionQueryType
Figure 2.5 The Structure of the SAML Response
Figure 2.6 Signing Procedure
Figure 2.7 Validation Process
1   Introduction to the Training Establishment
1.1 WSO2 Incorporated




                              Figure 1.1 WSO2 Company Logo




As the name WSO2 stands for Web Services Oxygen, the company is truly about giving a deep
breath of relief to the people who are looking for enterprise solutions in the web space. Founded
in 2005 by pioneers in XML and web services technologies and standards as well as open source,
WSO2 offers a complete SOA platform that is 100% free and open source, and recently, with its
cloud approach, also offers WSO2 Stratos, the world's only 100% open source PaaS.

WSO2 is mainly focused on developing and producing top quality products, which are based on
the free and open source Apache software stack. Hence all of the products are released
under the Apache Software License. The company consists of a locally and globally recognized set
of passionate software engineers who enjoy their dedication to the industry. Most of them are
committers of software projects like Axis2, Rampart, Synapse, Sandesha, Transport, Cassandra,
Commons of the Apache foundation and various other software communities including Eclipse,
Ruby and Rails. All the products at WSO2 are developed around one core called the 'core carbon
framework', which is based on Apache Axis2, and the company encourages employees to build
their own personal brand by contributing to these projects.

In providing web based solutions, WSO2 offers 12 servers that together form a well designed
environment to implement a business solution in an agile manner. For example WSO2 – IS can
be shaped into a customized environment providing authentication and authorization services to a
shopping context or to a military context. StratosLive provides all the services of these servers
100% free in the cloud environment.



Being 100% free and open source, someone may wonder whether this can make a sustainable
business. The business strategy at WSO2 is providing training, support and consultancy for their
products to the customers. The products are free to download, test and play with; if the customer
is willing to have WSO2 support and training to bring up a business solution for them, then they
are charged for that service. The company maintains a SOA developer portal called 'WSO2
Oxygen Tank' which includes a knowledge base, articles, webinars, screen casts and tutorials,
which simply creates an online resource center for anyone who is willing to try WSO2 products
at no cost.

Apart from Apache, being an open source company WSO2 has built many connections around
the world; a few of them are as follows:

       •   The World Wide Web Consortium (W3C)
       •   NBQSA Competitions
       •   SOAP, WSDL and WS-SEC standards
       •   Microsoft's InterOP Vendor Alliance
       •   OASIS
       •   OpenID Foundation
       •   AMQP Working Group
       •   OCERT and OAuth
       •   InfoCard Foundation

WSO2 is a global company with offices in USA, UK and Sri Lanka and customers
worldwide. The UK office is mainly focused on marketing and customer relations and the newly
opened USA office at Palo Alto is in its growing stages regarding the technical development
activities. The branch in Sri Lanka acts as the main research and development center of WSO2
and currently operates from three offices at No.59, Flower Rd, Colombo 07, No.50, Flower
Rd, Colombo 07 and No.58, Dharmapala Mw, Kollupitiya.

Being just 6 years old in the industry, WSO2 has shown such immense growth that sometimes
customers have admired WSO2 above industry giants like IBM and Oracle. Recently it has
been stated to be one of the top ten open-source SOA companies in the world, with a
comparatively small team. WSO2 has brought a lot of opportunities to Sri Lankans and is growing
smarter day by day, marking the Sri Lankan contribution to the software industry.




1.2 Evolution of WSO2


04th August 2005 is declared as the birthday of WSO2. That date was selected because a lot of
important things regarding the company happened around that day, within August to
September, such as the incorporation of the USA company, the incorporation of the Sri Lankan
company and the incorporation of the UK company. At first the co-founders of WSO2 named it
'Serendib Systems' and later changed the name due to a request of an investor [2].

With the funding received from the investors, the company then proceeded with the implementation
of the carbon platform with the bunch of experts it had at the time, and after a few hard times
the company emerged into the middleware industry with a lot of effort and sacrifice from the team.
Currently WSO2 stands as a competitor to giants like Oracle and IBM who have been in the
business for decades.




1.3 WSO2 Vision


WSO2 has a very clear vision regarding the platform, customers, employees and growth, and
everything is decided on these basics. Following are the four categories the WSO2 vision is made
of to lead the company to success and compete globally.

1.3.1 Reinvent the Technology
At the time WSO2 was founded there were many giants in the industry like Oracle and IBM, and
still WSO2 entered the market segment with the belief that they could re-invent that technology
in a better way: a way that is simpler and more straightforward from project conception to the
finish at long-term production management. WSO2 had the advantage that it could start from
scratch, take full benefit of hindsight, and develop the most advanced middleware platform
available today. Having known the pitfalls in advance, the platform was designed so as to
overcome the issues and increase performance. Having used the OSGI framework, WSO2's
component model enables a lean, high performance approach with self-consistency across the
platform, and is fully customizable, adapting to your project. Instead of forcing the project to
adapt to the middleware, WSO2 provides flexibility to be customized as the customer needs.
By building multi-tenancy, elasticity, instant provisioning, and metering into the whole platform
and making it available as a service (PaaS) in public and private clouds, WSO2 is playing a great
role in cloud computing too.

1.3.2 Reinvent the Business Relationship
Although the technology at WSO2 is leading edge, the core value is recognized as the quality of
the business relationship with the customer. So WSO2 has taken radical steps to become a
customer-oriented company.

All the software is 100% open source, built under a fully open and transparent development
process on the wso2.org mailing lists and at the ASF. There are no license fees or trial versions
that expire within a period, as all the products are released under the Apache License 2.0, which
means that there is no restriction on the products. There is no community license or
evaluation license and anyone using the same version of a product has the same functionalities.

The value WSO2 uniquely brings to its products is the relationship built with customers in
customizing the products to reach the maximum efficiency for the customer's context. Through
the highest quality training, support, consulting services, 24x7x365 production support, or an
entire solution, WSO2's sole objective is to tailor the world-class expertise to each customer's
unique needs.

1.3.3 Reinvent the Support Model
As support is essential for a critical enterprise system WSO2 is providing a very good customer
support service, understanding the great responsibility of running such a system. Using the
WSO2 online support system, a customer issue can quickly be directed to the best source of
expertise with WSO2 developers on the product or committers to the open source project. WSO2
support lets the customer interact directly with the best person in the world to resolve their issues
quickly as there are no separate support engineers. The people who build the product are support
engineers too as they know every nook and corner of the product well. When necessary, WSO2
provides hot fixes, patches, and service packs to keep customer installations running efficiently.




Going beyond production support, the WSO2 support and service model allows customers to
purchase just the services they need, without being forced to pay for bundled services of little
value. WSO2 believes that satisfied and successful customers are the best way to make WSO2 a
successful company in the global middleware market.

1.3.4 Create a Great Place to Work
After years in IBM Research, CEO and co-founder Sanjiva Weerawarana had a dream to not
only reinvent the technology, business relationships, and support model for enterprise software,
but also to bring Silicon Valley-style entrepreneurialism to Sri Lanka. As a result the heart of
WSO2 development and operations is centralized in Colombo, Sri Lanka.

With close relationships to the top local universities and by building creative spirit and global
leadership in open source technologies, WSO2 has become a hotbed for local innovators. WSO2
made becoming an Apache committer a reality for Sri Lankans, which was once an unreachable
dream.




WSO2 encouraged personal development of its employees even to actually leave the company
for doctoral studies abroad. These employees are encouraged to return to WSO2, to found other
entrepreneurial companies in Sri Lanka, or to find employment in other organizations where they
can invest their talents to make Sri Lanka and the whole world a better place to live.

        I love this vision of WSO2 a lot, in that it is not running after money or fame. It has
         built a sustainable business that benefits both customers and the company with its
         employees, finally adding value to Sri Lanka and the whole world. As mentioned in the
         vision, WSO2 is truly a bed for innovators who are not afraid to try.




1.4 WSO2 Business Model


As WSO2 is a 100% FOSS company the products are available free of charge to be
downloaded by anyone, and the source code is also available, so that using a build tool like Maven
anyone can build the product with any modifications they wish. Therefore, to be sustainable, the
company has to adopt a different but feasible business model to operate on.

WSO2 has adopted a very feasible and unique business model to move forward competitively
in the middleware arena, which already had industry giants such as Oracle and IBM. By making its
products downloadable free of charge, WSO2 attracts customers from Oracle and IBM, where they
have to pay. That was a good way to enter the market, as people consider the capital cost a lot.

But for an enterprise system a customer will not take the risk of lower performance or quality,
and will definitely consider the availability of 24x7x365 support. That is what WSO2
identified as the opportunity to make money: selling software support, consultancy and training
for the product stack that is based on SOA and web services. Additionally, client projects are
also carried out.

With this business model WSO2 has been able to compete with the giants that existed in the
middleware industry and has been preferred by customers over IBM, Oracle etc. in just six years.

1.4.1 Support and Service model
The services WSO2 offers are:

      •   Consultation (Evaluation Support)
      •   Training
      •   Development Support
      •   On-site trainings (lectures, seminars, conferences etc.)
      •   Off-site trainings (webinars, podcasts, Self-Paced Training etc.)
      •   Production Support

Apart from these programs there are also the Quick Start and Cloud Start programs.




1.4.1.1 Evaluation Support
This is designed to help customers in the early stages of middleware projects, especially when
there are advanced technology challenges to meet. WSO2 experts can guide customers in technology
selection, product selection/evaluation and migration/integration strategies. For qualified
customers some of the services are free of charge in this model.

1.4.1.2 Quick Start Program (QSP)
WSO2 Quick Start is a rapid program that brings world class expert developers and architects
onsite to work in collaboration with the customer's team. The program also includes follow-up
support with a period of online Development Support. The QSP will be conducted within just
one week.

1.4.1.3 Cloud Start
The Cloud Start program is designed to get WSO2 Stratos, the carbon platform as a PaaS,
installed and ready for the customer enterprise. Cloud Start brings two senior WSO2
engineers on site for 5 business days to work with the customer team. This program is mainly
targeted at deploying and configuring WSO2 Stratos on the client's cloud infrastructure and
providing the relevant training on that.

1.4.1.4 Development Support
At this level of support the experts from WSO2 directly assist the client's engineering team
during development. WSO2 offers Development Support to help migrate, integrate, optimize and
manage the customer's enterprise middleware deployments. By providing a direct channel
between client engineering teams and the WSO2 team during the critical development stages,
this becomes a catalyst for the process to reach the intended product soon.

Customers get these benefits through this model:

            •      Migrating from expensive proprietary middleware products
            •      Integrating with other middleware and infrastructure products
            •      Tuning for performance and security
            •      Developing custom product features




1.4.1.5 Production Support
A system in production is defined as one that performs, or assists in performing legally binding
transactions and is used by end-users, where a failure of a system in production will have an
immediate economic impact on the organization. So understanding the critical nature of this
WSO2 has designed a support mechanism that guarantees WSO2 middleware infrastructure
enables the client applications to be available 24x7x365 as mentioned in annex, A3. The
Production Support customers are eligible to have the latest feature upgrades, product patches
and service packs.

A Subscriber shall reasonably determine the severity level of Errors, according to the protocols
attached in the annex as A2.

1.4.1.6 TurnKey Packages
Although WSO2 offers a full menu of products and services, they also offer complete turnkey
solution packages. One of the major support features supplied with these is ongoing
twenty-four-hour enterprise-level maintenance on the entire client system; the packages also
cover installing and provisioning WSO2's lean, high-performance Carbon platform to run, govern,
manage, and monitor the solution, and provide a pre-validated architecture template set to
address specific business scenarios and requirements.

Here the WSO2 staff manages and implements the project from conception to deployment to
maintenance for the customer in specific areas such as:

      •   Mobile Services Gateway
      •   FIX Gateway
      •   SAP Message Gateway
      •   Customized solutions



WSO2 is committed to making the customer experience the best service from them and all the
staff work with dedication towards that.




1.5 Organizational Structure


WSO2 has a very flat and informal structure inside the company and everyone is treated equally.
At WSO2Con Mr. Samisa Abeysinghe mentioned that at 'WSO2 we do not have resources, we
have the WSO2 team', which I experienced throughout the stay.

1.5.1 Employee Hierarchy
The sole purpose of keeping this hierarchy was for management activities done by
Human Resources Management, and it had no effect on technical decisions: even an
idea from an intern like me is considered and accepted if it is well supported with facts. This
flat hierarchy is very helpful for fast decision making in agile software development, and the
company has put trust in its employees that they will do the best thing in a situation.




                                    Figure 1.2 Employee Hierarchy

1.5.2 Communication
Communication inside WSO2 is so transparent that everything goes to the mailing lists of the
company domain, and this is also very fast in fixing anything. This transparency allows
maximum productivity, as confusions are reduced. Following are a few of the mailing
lists.

Team – Anything regarding the whole WSO2 team goes here, e.g. organizing trips, seating plans.

Support – dev – This focuses on support for the developers.

Training – To discuss things related to training inside WSO2 and outside events that employees
can participate in.

Marketing – Discusses matters related to marketing strategy etc. Anyone can post their ideas here
on how to promote WSO2 products.

Operations – Any issue regarding daily operations of the company goes here, e.g. cleaning.

Infrastructure – Any matter regarding the network, WSO2 servers etc. goes here.

Vacation – Any kind of leave taken should be informed here.

News – Any news regarding the industry that seems useful for the company is posted here.

Club – Jokes and other stuff go here, mostly for fun.

Also there is no restriction on talking to anyone, and we could even easily go to Dr. Sanjiva
Weerawarana and discuss any issue we had. All the doors are open for people to directly
communicate and there was no need to go through a hierarchy.




1.5.3 The WSO2 Team
The WSO2 team consists of the best people for each field, which is the key factor in the company
conquering the middleware market so soon. Following is the current combination of the team.




Leadership – WSO2 is led by very experienced people across the globe who have guided the
company to this much success in just 6 years.

           •       Mr Sanjiva Weerawarana, PhD, Founder, Chairman and CEO
           •       Mr Paul Fremantle, PhD, Co-Founder and CTO
           •       Mr Jonathan Marsh, VP Business Development and Product Design
           •       Ms Monica Pal, VP Marketing
           •       Mr Lavi de Silva, VP Global Sales
           •       Mr Samisa Abeysinghe, VP Engineering
           •       Mr Devaka Randeniya, Senior Director of Sales
           •       Mr Paul Broekhoven, Director, European Sales
           •       Ms Padmika Dissanaike, VP Finance
           •       Ms Puny Navaratne, Director, Legal
           •       Ms Hasmin Abdul Cader, Director, Marketing
           •       Mr Asanka Abeysinghe, Director, Solutions Architecture
           •       Mr Mahesh Markus, Director, Support
           •       Mr Afkham Azeez – Director, Architecture
           •       Ms Udeshika Ratnavira, Senior Manager, Administration and HR




Advisors - The world class personalities and scholars who guide the company throughout with
their experience and valuable insights on the industry are as follows.

           •       Mr Larry Augustin – Investor/Advisor
           •       Mr Geir Magnusson Jr. – VP Engineering, Joost
           •       Mr Brian Behlendorf – Founder & CTO, Collabnet
           •       Mr Tom O'Reilly – Founder, O'Reilly Media
           •       Mr Patrick Grady – Chairman & CEO, Rearden Commerce
           •       Mr Tony Pizi – CIO Platform Engineering, Deutsche Bank




Product Teams -

The engineering team – The engineers who work on development, research, design and testing fit
into this category. It is further divided according to the product they work on, as Identity
Server team, Gadget Server team etc.

The sales team – Deals with the customers and liaises between the customers and the developers.

The marketing team – Works on marketing WSO2 products by means of sponsorships,
advertisement campaigns, workshops, webinars and so on. Most of the events are organized under
the guidance of the marketing team with the support of the whole WSO2 team.

The finance team – Takes care of the accounts, income and expenditure of the company.

The administration team – Provides vital administration and human resource work, handling
salary payments, foreign visit arrangements etc.




1.6 WSO2 Products and Services


The high level product categorization of WSO2 is attached in annex A4. Across the Enterprise
Middleware Platform – Carbon, the Cloud Middleware Platform – Stratos and the Java PaaS –
StratosLive, the following are the common servers that provide various services matching the
environment they run on. There are 12 servers as follows and I will only explain the
functionality of Identity Server, as that is the server I worked on and got most familiar with.

      • WSO2 Application Server - for service hosting
      • WSO2 Enterprise Service Bus - for mediation services
      • WSO2 Message Broker - for messaging services
      • WSO2 Data Services Server - for managing data sources and data access
      • WSO2 Governance Registry and repository - for managing WSDL, schemas, policies,
        life cycles and versioning
      • WSO2 Gadget Server - for portal services
      • WSO2 Web Services Frameworks for C, C++ and PHP – provide simple APIs for
        implementing web services and web service clients
      • WSO2 Identity Server - for authentication, single sign-on and access control
      • WSO2 Business Process Server (BPEL)
      • WSO2 Business Rules Server (JSR-94)
      • WSO2 Complex Event Processing Server
      • WSO2 Business Activity Monitor (JMX)
        (the four servers above: for composing, orchestrating and monitoring business
        processes and activities)
      • WSO2 Mashup Server

Identity Server (IS)

Image A1,2 in the annex shows the architecture of the IS and image A1,3 shows the
specifications of the server. It uses leading edge technologies to provide adjustable high
security to web applications and web services. SAML 2.0, OpenID, OAuth, XACML and WS-Security
are the standards that IS adheres to, which are the latest technologies in security. It uses the
Apache Rampart, WSS4J and Neethi modules in addition to other dependencies from ASF that are
common to all WSO2 products.

It integrates easily into existing user stores such as LDAP or Active Directory and supports
multi-factor authentication, and the cloud platform Stratos is totally secured by the IS.

The most interesting part is that no matter how complex the process is, IS provides a good user
experience, making the developer's life easy. For example, IS provides a simple user interface
to define a XACML policy, add it and remove it, so that even a person without much knowledge of
XACML can use it.




1.7 Performance of WSO2


WSO2 has performed incredibly well when we look back at the path it has come in just six
years [2], and it is currently boosting that journey by putting in more resources and being more
innovative. In addition to the praise from customers, WSO2 has won several highly recognized
awards in the industry as follows:

   • Kuppinger Cole European Identity Award 2011 - WSO2 was recognized for the
     innovative features of its open source, multi-tenant WSO2 Identity as a Cloud Service
   • SD Times 100 Award - For the fourth consecutive year, WSO2 was recognized as one of
     the "top leaders and innovators" in the software industry by the editors of SD TIMES.
   • Red Herring Asia 100 Award - WSO2 was awarded the Red Herring Asia 100 Award
     in 2006 for being one of the most promising private technology companies in Asia.
   • InfoWorld Best Open Source Software (Bossie) Award - WSO2 was named InfoWorld
     2009 Best of Open Source Software (Bossie) Award winner and recognized for
     delivering WSO2 Carbon
   • National Best Quality Software Awards (NBQSA) - WSO2 walked away with:
     - WSO2 Enterprise Service Bus: Gold Award under Infrastructure & Tools Category and
       Overall Gold Award.
     - WSO2 Gadget Server: Silver Award under Research & Development Category.
     - WSO2 Data Services Server: Bronze Award under Infrastructure & Tools Category.




1.7.1 Strengths
  1. The highly qualified, dedicated team – I see the WSO2 team as the main strength of
      WSO2. The engineering team consists of the best brains of Sri Lanka, who are world-class
      architects and developers with experience and contributions in the global industry. WSO2
      has at least a few committers on all the products WSO2 uses from ASF. The marketing
      team has the best of the profession, and the sales team too. People coming from
      various backgrounds and fields share the common objective of adding value to the
      company using their expertise in every way they can. For example, the engineering team
      is hugely involved in marketing activities through blogging and tweeting, and all the
      teams work together, co-operating with each other as one family.

  2. Flexible working culture – In WSO2, employees have flexible working hours and are not
      forced to work at a particular time. With this, the company has made a very friendly
      connection with the employees: as they enjoy the freedom at work, in gratitude
      there is no need to ask them to work when some urgent need arises. Employees
      voluntarily work with dedication as they feel in their hearts the need to contribute
      back to the company. Adopting a flexible working culture is a challenge, and it is a real
      strength that WSO2 has been able to make it work in this way.

  3. No support engineers – As there are no support engineers, all the discussions with the
      customers and the support work are done by the same engineers who build the system and
      live with it. As those engineers know the product very well, any issue can be easily
      fixed and can be well explained to the customers. That way engineers get a good feeling
      for what the customers need and what they should provide via the product, and customers
      get very fast and clear support for their maximum satisfaction. So I call this a
      strength of WSO2.

  4. Innovative Carbon platform – No matter how nicely we approach the customer, it is hard
      to run a business for long if we do not have a good product to compete with the
      competitors. WSO2 has the very innovative Carbon platform that allows all this
      componentizing, which satisfies the customers by allowing them to use just what they
      want and pay only for the services they use. The flexibility of the platform also
      allowed WSO2 to present the first PaaS – StratosLive this soon, which Oracle said to come
      up with at 2015. The architecture of the Carbon platform best fits today's enterprise
      need for agile software that can shape up to rapidly changing business needs.

  5. Being an Open Source company - This is a great strength of the company from the product
      point of view. As the source code is available for anyone to have a look at, day by day
      the product improves through identifying bugs and fixing them. Approaching the customers
      has also become easy with this, as people do not hesitate to try the products and see
      the functionality since it is free.




1.7.2 Weaknesses
There is no major weakness I could identify at WSO2. The only thing I see is that there is a
little lack of documentation in some areas on using WSO2 products. There are so many blogs
written by the engineers, and WSO2 Oxygen Tank [5] provides a lot of information on using the
products. But still, with the number of products and services provided through the stack and the
different scenarios they can be used in, there is a lack of documentation. The company has
already identified this as a weakness and is encouraging the staff to complete the documentation
well, giving more attention to Oxygen Tank.

1.7.3 Service to Sri Lankan Society
Bringing the open source concept to Sri Lanka is itself a great service to the country, as it's
the most appropriate model matching. Through WSO2 a lot of Sri Lankan talent has found a place
in the global industry, becoming Apache committers etc., as WSO2 encourages the personal
development of its employees. Through this, WSO2 has contributed a lot to making Sri Lanka the
country with the largest number of committers to the Apache Software Foundation outside the
United States.

Most computer science graduates consider going abroad for employment after the degree, and
having such a great place as WSO2 to work at, in one's own motherland, is a great service the
company is providing for the country, stopping it from losing its great resources. By
encouraging going abroad for further studies, not just for employment, WSO2 creates a well
experienced work force for the future with knowledge in leading edge technologies.

Many WSO2 professionals provide mentoring to undergraduate students from many different
universities in Sri Lanka who are doing their final year projects, and the internships the
company supports expose university undergraduates to the global software industry and help
them reach great achievements.

WSO2Con is a perfect example of the fame the company is bringing to Sri Lanka through the
software industry. A lot of experts visited Sri Lanka to attend this event, and at every
possible occasion it showcases the Sri Lankan culture. One day, if the middleware industry
could become the key player in the Sri Lankan economy, instead of garments, tea, rubber and
house maids in the Middle East, WSO2 will be the pioneer of that.



1.8 Suggestions to Improve


  1. As mentioned in 1.7.2, improving the documentation through Oxygen Tank to cover all the
     key topics regarding the products is a great improvement to achieve. That way anyone
     who just falls into a product will feel comfortable trying things with it and will be
     able to understand its power. Also, when a new release is out some of the content is no
     longer valid for the newer version, and these things should be clearly stated or modified
     accordingly. So having some mechanism to update the content will be very useful.


  2. Currently WSO2 is operating in three offices in Sri Lanka, which slightly separates
     the development crew across the locations. For the sake of getting to know each other,
     and in case any co-ordination is needed during development, it is better if all the crew
     can stay in one building, with the freedom to discuss with each other easily. Also, as
     most of the customer base is from the USA, it will be beneficial to have more developers
     in the Palo Alto office in California meeting the customers, which will make it easy and
     fast to provide on-site support.




2   Training Experience



2.1 Joining WSO2 Family
On the very first day, 28th Feb 2011, all fifteen of us selected to be interns at WSO2 were
there; our details were confirmed and we were given new email addresses in the wso2.com domain.
Ms. Udeshika Ratnavira introduced us to the company premises and showed us the pantry area, and
we were given laptops for use during the internship.

Mr. Samisa Abeysinghe, VP Engineering, WSO2, talked to us in the evening and shared a lot of
valuable thoughts with us. He emphasized that there are not many rules or much formality in the
WSO2 culture and that we are free to use any of the resources there in order to learn, and to
question and suggest anything. He also highlighted that it's in our hands to make full use of
the given opportunity, and the importance of the training received during the internship
period. The facts he pointed out got engraved in my mind and were a good start. Also on the very
first day we were given a task by Mr. Samisa Abeysinghe, to be completed within a week in groups
of five. A simple banking system was built in the very first week by my group, formed with
Malith Dhanushka, Hasitha Aravinda, Sumedha Sanjiva and Gokul Balakrishnan. The objective of
this task was to get an idea of our Java knowledge and object orientation concepts, and we were
informed that a GUI was not needed.

First our group gathered and discussed the specifications related to the domain and drew a
class diagram. As everyone was required to code at least two Java classes, we divided the work
considering that and relevance. SVN was used to host the project, and we developed the system
discussing among ourselves and resolving things as they arose.

Mr. Afkham Azeez, Director of Architecture, WSO2, reviewed our code and gave very useful
comments to improve ourselves, highlighting the mistakes we had made. He recommended a few
web sites and books for reference and emphasized that we should master an IDE, practicing the
keyboard shortcuts. Effective Java (2nd edition) and Java Pitfalls were among the recommended
books.

Soon after, we were assigned projects and I was given 'Implement SAML to XACML', which
concerned the WSO2 Identity Server. We each got a mentor to guide us on the project, and my
mentor was Mr. Asela Pathberiya, Senior Software Engineer. With the friendly behavior of all
the staff, it was a nice place to work, and I found it very special in WSO2 that even a little
mistake was not left hanging; it was corrected immediately when noticed. High quality was
kept not just at the code level but at all levels of all the processes and environments.




2.2 Induction


Ms. Udeshika Ratnavira, Senior Manager, Administration and HR, with Ms Hasmin Abdul Cader,
Director, Marketing, conducted an induction programme for the fifteen of us and a few
employees who had joined recently. It was a nice discussion done in a very friendly manner that
resolved our doubts and introduced us to the company culture. They described to us the flat
hierarchy maintained within the organization and how each and every member of the WSO2 family
is treated equally. They emphasized that we should call everyone by their preferred first name
and not use 'Sir', 'Madam', 'Ayya' or 'Akka'. Hasmin briefly described the business
model of the company and a little bit of its history too.

At WSO2, 3.30 pm is set as tea time and each individual is supposed to come downstairs to the
lobby area at that time. She also mentioned that all members used to share experiences and have
a chat with fellows while having a snack, and that we should get to know each other in the
company. It was really great, and possible as the WSO2 family was only about 150 by that time.
Apart from tea time, anyone was also totally free to come to the lobby area, watch TV and have
a drink to get refreshed while working. They also told us that there is no dress code and that
we are free to dress casually. What I realized with all this was that WSO2 has really made the
office as free as home, for everyone to work without any difficulty.

We were informed that office hours are flexible, to make life easier, as they know intellectual
work cannot be forced. Working from home is an available option for employees, but as interns
we were not given that privilege as it conflicts with the objectives of the internship. Hasmin
further explained that as interns we would run into a lot of problems in doing things and would
need to get help from the staff, which is impossible if we stay at home and work. We were told
that we were supposed to be at the office from 9am to 5pm, and as we worked on, it was not that
hard to stay at the office during that time as it was such a perfect place to work.




2.3 Development Environment


OS – As WSO2 is an open source company, most of its employees were using Ubuntu, an open
source Linux OS, and I too started to use Ubuntu as my primary OS. Installation of software,
including the Java installation, was done using the command line and Synaptic Package Manager,
and I got familiar with setting up environment variables in the .bashrc file, which was so
different from Windows. Though it was a little difficult to get used to at the beginning, later
I found that it is more effective than the Windows OS I was used to.

IDE – I was familiar with using NetBeans at university; as a lot of developers at WSO2 were
using IntelliJ IDEA as their IDE, I tried to use that. The keyboard-centric IDE seemed fine for
me, so I continued to master that IDE and worked using it.

SVN - The primary mechanism of version control used at WSO2 is SVN. At the beginning the
only thing I did was checking out code from the WSO2 repo; later, once we were given separate
spaces there, I also committed code there to put it under version control.

Maven – It's a very widely used open source software project management tool by Apache.
Almost all the projects at WSO2 are managed using Maven, with the pom.xml that describes the
software project being built, its dependencies on other external modules and components, and the
build order. That makes the project build process easy. I may have called the command 'mvn
clean install' more than 1000 times within the internship period to build projects. In fixing
dependencies, Maven takes from the developer the load of downloading them and fixing them into
the project. Instead, it dynamically downloads Java libraries and Maven plug-ins from one or
more repositories, reading the pom.xml at build time. Maven provides built-in support for
retrieving files from the Maven2 Central Repository and other Maven repositories.




FindBugs – This is a tool recommended for all the developers at WSO2 to use on any of the
code they write. The tool is so smart that it runs through our code and, analyzing the patterns,
highlights where bugs are possible. To achieve high quality in coding with minimum bugs this is
a great tool to use.

TcpMon – This is a very useful debug tool that allows viewing messages and resending
them. We can set a listening port in TcpMon and it shows the messages that come to the port and
forwards them on without any change. I used this heavily in testing the Entitlement Handler.

SOAPUI – This is a widely used tool at WSO2 for all sorts of tests. It is a free and open source
cross-platform functional testing solution. It is also used to trace messages, like TcpMon, and
has more additional features. I needed this in implementing SAML to XACML as TcpMon was
not capable of tracing secured messages.




2.4 Hands on WS-Security


The IS team works mainly on the security of web applications and services. It
develops solutions for the growing challenge of managing the identities of employees,
vendors, partners, and customers across internal, shared, and SaaS services. IS is focused on
winning this challenge of providing a sophisticated identity solution in an easy to implement
manner with minimum negative effects on the user experience and performance. In achieving this
goal IS uses the latest standards and technologies like SSO, OpenID, XACML and SAML.

As the project I was assigned to complete, 'Implement SAML to XACML', was totally
new to me, I did not know where to start. Also, the only knowledge I had on security was things
I had heard about hacking sites, viruses etc., and the only solutions I knew were using a user
name combined with a secret password that is long and hard to guess, and using a virus guard.
Only after a discussion with my mentor, Mr. Asela Pathberiya, did I get to know how vast the
subject is, and I got passionate about the project. With the given guidance I started to read
the project specification document [4], though I hardly understood it, and then did research on
the related technologies and security concepts.

Following are the main concepts to be addressed in any system that is trying to provide security
to a web service or an application.

      • Authentication - Identifying the person correctly
      • Authorization - Giving individuals access to resources based on their identity
      • Confidentiality - Ensuring that information is accessible only to those authorized to
        have access
      • Integrity - Data cannot be modified / tampered with without authorization
      • Non repudiation - Ensuring that a party in a dispute cannot say "I didn't send such a
        message"

In relation to my project, I understood that IS achieves authorization in a fine-grained
manner using XACML policies, and that integrity and non-repudiation are achieved through XML
signatures. Username and password were used for basic authentication.

Having these concepts in mind, I was given tasks to begin with, to get familiarized with the
stuff. At first my mentor recommended that I get familiar with Axis2 and I followed a tutorial
in 'WSO2 Oxygen Tank' [5].

Following are the steps I followed

   1. Wrote a web service and deployed it in Axis2 as a .war file.
   2. Got the WSDL file and generated the stub classes.
   3. Wrote the client to call the web service using the stubs.

Doing this I got more familiar with the IDE and learned how to fix dependencies, where I always
fell into trouble due to some kind of version mismatch.

With this experience I went ahead in getting familiarized with WSO2 IS specific things.




2.4.1 Sample Client for IS
This sample was to show how to authenticate a user and to allow that user to access authorized
resources (services), using the API of WSO2 IS. Simply put, it simulates a few functions of the
server without its browser interface.

Scenario: After authentication, a user who has the role of 'admin' will have
privileges to add or remove XACML policies, and to evaluate them against sample requests.
Following are the steps to be demonstrated.

   1. Log into the server after authentication
   2. Add a policy from local machine
   3. Read the enabled policy of the server
   4. Remove a policy
   5. Evaluate the enabled policy against a request

I used sample XACML policies and requests to observe the functionality, and while doing that
got familiar with writing XACML policies and requests, understanding how it achieves
fine-grained authorization.

Here is a pattern of the policies used in testing the functionality:

<Policy PolicyId="urn:sample:xacml:2.0:samplepolicy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Description>Sample XACML Authorization Policy -01</Description>
  <Target>
    <Subjects>...</Subjects>
    <Resources>...</Resources>
    <Actions>...</Actions>
  </Target>
  <Rule>...</Rule>
</Policy>



The Target element defines a set of conditions that must be met for that policy to be picked
up, and the rule then gets applied accordingly, giving the decision 'Permit' or 'Deny'.

Here is what a XACML request looks like:

<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Subject>…</Subject>
  <Resource>…</Resource>
  <Action>…</Action>
  <Environment>…</Environment>
</Request>



According to the OASIS profile of XACML 2.0,

      • The <Subject> element defines who wants access, and it may have many attributes
        defined inside as child elements.
      • Only one <Resource> element is allowed to be present in one decision request and it
        defines the resource the Subject is trying to access.
      • Only one <Action> element is allowed to be present in one request and it defines the
        action the Subject wants to perform on the Resource. (e.g. read)
      • The <Environment> element carries attributes, if present, that are not associated with
        Subject, Resource or Action. (e.g. IssueInstant)

Depending on the policies enabled in the PDP, the decision for a request may be 'Permit',
'Deny', 'Indeterminate', or 'NotApplicable' if a matching policy is not found.

While working on this I got introduced to the functionality of IS, the coding standards of WSO2
and XACML. I also learnt a few different methods to convert WSDL to Java: using Axis2, in a
Maven build, and using the browser UI of WSO2 Enterprise Service Bus. I shared the knowledge I
gathered through two blog posts in my personal blog space, on 'A sample on calling WSO2 IS
functionalities through the API'
(http://pushpalankajaya.blogspot.com/2011/04/sample-on-calling-WSO2-identity-server.html) and
'How to convert WSDL to Java'
(http://pushpalankajaya.blogspot.com/2011/03/how-to-convert-wsdl-to-java.html).




2.4.2 Entitlement Handler
After writing the above mentioned sample I came to realize the power of Identity Server and how
many functions are happening when we just hit a button in the nice looking browser tab. As my
next task I got work that made me realize the power of Axis2 more deeply. The task was to refer
to the Entitlement Mediator code that already exists in WSO2 IS and to build the same
functionality in an Axis2 handler.

2.4.2.1 Building ‘Carbon’ platform
At first I went through the Entitlement Mediator code and could not understand many things. I
read the documentation and then decided to understand it by observing its functionality. For
that I needed to build the mediator module, and doing that I learnt a lot of things. Though I
could have just fixed the dependencies needed by the module and built it, my mentor suggested
that it would be better if I built the whole Carbon platform. It was a challenging experience
then, as almost all the developers were committing new stuff fast, getting ready for the recent
release. But finally, when I finished building the 'Carbon' platform as a whole, I had a better
idea of what 'Carbon' is and how WSO2 products are based on it while being componentized by the
OSGi framework. I also got familiar with the pom.xml file that is used in the Maven build and
how to fix dependencies and project properties through it.

2.4.2.2 Remote Debugging
To observe the functionality I needed to get familiar with the remote debugging tool of
IntelliJ IDEA, the IDE I used. It was a very helpful feature to debug and see what the code
does when there were no 'main' methods as I was used to. For the purpose of monitoring the
passing messages I got familiar with using TCPMon, and proceeded with understanding the
Entitlement Mediator using the new tools.




2.4.2.3 The Handler
As the Entitlement Mediator is based on Apache Synapse, it has characteristics related to it,
while the Entitlement Handler is based on Apache Axis2, which gives it different
characteristics [6]. In contrast with Synapse mediators, Axis2 modules give the facility to
interleave handlers in a smart way using partial orderings, and the policy-driven model of
configuring modules (through axis2.xml and module.xml) is unique to Axis2, which allows the
handler to be applied selectively at service level.

With that rough understanding I started to get familiar with the structure of an Axis2 handler,
running through an existing handler in the IS.

With all these I got a better understanding of what needed to be done, and following is the
architecture of the Entitlement Handler.

Scenario: When the Entitlement Module, which includes the Entitlement Handler, is engaged to
a particular service, before letting the client consume the service the handler checks whether
the client is authorized to perform that action on the service. What the handler does is

    1. Read the relevant parameters from the Axis2 message context (Only support Username
         Token authentication for now)
    2. Build a XACML request according to the read parameters
    3. Pass the XACML request to a previously configured PDP and get the decision
    4. Depending on the decision from PDP, continue the message or drop it without letting
         reach the service.
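
Steps 2 to 4 of the handler, together with the request and decision format from 2.4.1, as an added example (not code from this report or from WSO2). It uses only JDK classes, assumes the standard XACML subject-id, resource-id and action-id attribute identifiers, and stands in constructed PDP responses for the real PDP call; the class name is hypothetical.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added illustration (hypothetical class name); no Axis2 or WSO2 classes are used.
public class EntitlementCheckSketch {

    static final String CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    static final String STRING_TYPE = "http://www.w3.org/2001/XMLSchema#string";
    // Assumed attribute identifiers: the standard XACML ones, not taken from the report.
    static final String SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
    static final String RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
    static final String ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";

    private static DocumentBuilder newBuilder() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // PDP responses cross a trust boundary: reject DOCTYPEs (no XXE, no entity expansion).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return factory.newDocumentBuilder();
    }

    // Step 2: build the request through DOM so that user-supplied values are escaped on output.
    static String buildRequest(String user, String resource, String action) throws Exception {
        Document doc = newBuilder().newDocument();
        Element request = doc.createElementNS(CTX_NS, "Request");
        doc.appendChild(request);
        addAttribute(doc, request, "Subject", SUBJECT_ID, user);
        addAttribute(doc, request, "Resource", RESOURCE_ID, resource); // exactly one Resource
        addAttribute(doc, request, "Action", ACTION_ID, action);       // exactly one Action
        request.appendChild(doc.createElementNS(CTX_NS, "Environment"));

        Transformer serializer = TransformerFactory.newInstance().newTransformer();
        serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        serializer.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    private static void addAttribute(Document doc, Element request, String category,
                                     String attributeId, String value) {
        Element holder = doc.createElementNS(CTX_NS, category);
        Element attribute = doc.createElementNS(CTX_NS, "Attribute");
        attribute.setAttribute("AttributeId", attributeId);
        attribute.setAttribute("DataType", STRING_TYPE);
        Element attributeValue = doc.createElementNS(CTX_NS, "AttributeValue");
        attributeValue.setTextContent(value);
        attribute.appendChild(attributeValue);
        holder.appendChild(attribute);
        request.appendChild(holder);
    }

    // Step 4: continue only on a single, explicit Permit. Deny, Indeterminate, NotApplicable,
    // a missing Decision and an unparsable response all drop the message (fail closed).
    static boolean mayContinue(String pdpResponse) {
        try {
            Document doc = newBuilder().parse(new InputSource(new StringReader(pdpResponse)));
            NodeList decisions = doc.getElementsByTagNameNS(CTX_NS, "Decision");
            return decisions.getLength() == 1
                    && "Permit".equals(decisions.item(0).getTextContent().trim());
        } catch (Exception e) {
            return false;
        }
    }

    // Constructed stand-in for step 3: the response a PDP would return for a given decision.
    static String constructedResponse(String decision) {
        return "<Response xmlns=\"" + CTX_NS + "\"><Result><Decision>" + decision
                + "</Decision></Result></Response>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: markup characters in the user name must not alter the request.
        System.out.println(
                buildRequest("alice <dev&ops>", "http://localhost:8080/services/echo", "read"));
        for (String decision : new String[] {"Permit", "Deny", "Indeterminate", "NotApplicable"}) {
            System.out.println(decision + " -> continue: "
                    + mayContinue(constructedResponse(decision)));
        }
        System.out.println("malformed -> continue: " + mayContinue("<Response>"));
    }
}
```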




Figure 2.1 Entitlement Handler Structure




2.4.2.4 Packaging the Entitlement Handler
To place the handler in a message path it should be included in a module. Following are the
basic essentials for any Axis2 handler to meet the intended functionality, which I followed.

   1. Created the Module Implementation – There must be a class that implements
       'org.apache.axis2.modules.Module'.
   2. Created the Handlers – There can be one or more handlers and they can be ordered in
       module.xml. Each handler class should implement the org.apache.axis2.engine.Handler
       interface.
   3. Created the module.xml as follows



<module name="EntitlementHandler"
        class="org.WSO2.carbon.identity.entitlement.axis2handler.EntitlementModule">
  <Description>
    The entitlement handler module extracts the user name, resource and action from the
    passing axis2 message context and creates a XACML request with the details. Then pass it to
    the set up PDP and continue or drop the message, according to the decision from PDP.
  </Description>

  <InFlow>
    <handler name="EntitlementHandler"
             class="org.WSO2.carbon.identity.entitlement.axis2handler.EntitlementHandler">
      <order phase="EntitlementPhase"/>
    </handler>
  </InFlow>
  <!-- Local test configuration: PDP endpoint, its credentials and the trust store -->
  <parameter name="remoteServiceUrl">https://localhost:9443/services/</parameter>
  <parameter name="remoteServiceUserName">admin</parameter>
  <parameter name="remoteServicePassword">admin</parameter>
  <parameter name="remoteIp">127.0.0.0</parameter>
  <parameter name="decisionEvaluatorClass"></parameter>
  <parameter name="trustStoreLocation">/home/pushpalanka/Installations/WSO2is-3.0.1/resources/security/WSO2carbon.jks</parameter>
  <parameter name="trustStorePassword">WSO2carbon</parameter>
</module>



Deployment configuration of the Entitlement Module was done using the above module.xml file.
A module can be placed in one or more of the following flows in an Axis2 server.

        InFlow - Represents the handler chain that will run when a message is coming in.
        OutFlow - Represents the handler chain that will run when the message is going out.
        OutFaultFlow - Represents the handler chain that will run when there is a fault, and the
          fault is going out.
        InFaultFlow - Represents the handler chain that will run when there is a fault, and the
          fault is coming in.

As seen in the file, the Entitlement Handler is placed in the InFlow and the module includes only
one handler. The flexibility of a module is that, at deployment, it can be configured according to
the context by modifying this file. The parameters defined in the above file are the
configurations used on my local machine for testing purposes and are read at deployment. Later,
when the handler is running, the parameters that were read in are used in its functions.

      4. Modified the "axis2.xml" to add the custom phase (In this case defined Entitlement phase
          after the security phase)

...
<phaseOrder type="inflow">
      <!-- System pre defined phases       -->
      <phase name="Security"/>
...
      <!-- System pre defined phases       -->
      <!--After Postdispatch phase module author or service author can add any phase he wants -->
      <phase name="EntitlementPhase"/>


</phaseOrder>
...




5. Package in a ".mar" (Module Archive) with the following format




                           Figure 2.2 Inside .mar file Entitlement Handler



   6. Deploy the module in Axis2 – Creation of a directory with the name "modules" in the
       "webapps/axis2/WEB-INF" directory of the servlet container, and then copying the
       ".mar" file to that directory
   7. Add the line '<module ref="EentitlementModule"/>' in services.xml to inform the
       Axis2 engine that the module "EentitlementModule" should be engaged for this service.


      The Entitlement Handler allows the user to configure it for any other PDP, if the user is
       not using WSO2 – IS. This is achieved with the help of the flexibility given by module.xml.
       EntitlementDecisonEvaluator is the interface that the user should implement in a class to
       define how to call the PDP and get the decision. CarbonEntitlementDecisonEvaluator is
       the implementation done for WSO2 – IS.

Testing

To test the handler for its intended functionality, I used remote debugging and wrote a simple
client that uses UsernameToken for authentication and a service that is secured by a ws-policy.

2.5 Implement SAML to XACML


With the experience I gained implementing the Entitlement Handler, I could now understand very
well what needed to be done here. With the guidance of my senior mentor Mr. Prabath Siriwardena,
it was found that this could be easily implemented using the open source library OpenSAML, which
was already used in IS. I was advised to get familiar with the OpenSAML API before starting the
implementation, so I went through several examples and tried to understand the pattern of
coding with the API. This exercise was very useful: I did not get confused when I started the
implementation and could focus more on the logic.

Problems

When I started a new project in the IDE and tried to implement with the OpenSAML library as a
dependency, it gave me a very descriptive error message: “OpenSAML requires an XML
parser that supports JAXP 1.3 and DOM3. The JVM currently configured to use SUN XML
parser, which is known to be buggy, and cannot be used with OpenSAML. Please endorse a
functional JAXP library such as Xerces and Xalan.” As the error message states the solution too, I
tried endorsing the mentioned libraries in my Java installation. But there was still an error in
bootstrapping the OpenSAML library.

Solutions

After I had tried various other things, my mentor came up with the idea that, as Identity Server
is already endorsed with those libraries to work with OpenSAML, I could start coding inside the
source code of IS, build it with Maven and observe the functionality using remote debugging. This
was a better solution than bothering to endorse the libraries anew, and there would be no issue
later in integrating this with IS as I was already implementing it inside. Also, fixing the correct
dependencies was done automatically with the IS plug-ins, and I got more familiar with the source
code of IS.

After getting hands-on experience building XMLObjects using OpenSAML and getting familiar with
how the API behaves, I went thoroughly through the specification document again, paying attention
to each and every word. I had a few doubts regarding a few things in the specification document,
and discussing them with the mentor clarified them all, with the assistance of the IS team too.
Figure 2.3 shows the flow from the XACML request until it gets the decision in plain text, with
secured inter-server communication.

The first approach was to wrap the XACML request into an OpenSAML XADQ
(XACMLAuthzDecisionQuery), which seemed comparatively less complex than the response
side. Then at the PDP the XACML request is extracted only if the signature and issuer are
validated correctly, which guarantees that the message is not altered. The received XACML
request is then forwarded to the PDP and the decision is obtained as a Java string. The received
Java string is then unmarshalled into an XACML response object in the OpenSAML library and
wrapped into a SAML response, which is signed with the private key and certified. Then at the PEP
the message is validated against the signature and issuer, and the decision given by the PDP to
the previously sent request is read.




Figure 2.3 Flow of secured server to server communication

PEP (Policy Enforcement Point), request side:
   XACML request (String)
   -> Unmarshall -> XACMLAuthzDecisionQueryType (XMLObject)
   -> Set attributes (Issuer/Signature)
   -> marshall -> XACMLAuthzDecisionQuery (String)
   -> sent to the PDP (SAML XADAQ)

PDP (Policy Decision Point), request side:
   XACMLAuthzDecisionQuery (String)
   -> unmarshall -> XACMLAuthzDecisionQueryType (XMLObject)
   -> Validate (Issuer/Signature)
   -> Get decision for request
   -> XACML response (String)

PDP (Policy Decision Point), response side (XACMLResponse):
   XACML response (String)
   -> unmarshall -> ResponseType (XMLObject)
   -> Wrap with DecisionStatementType (XMLObject)
   -> Wrap with Assertion including issuer
   -> Wrap with SAML response including issuer and signature
   -> marshall -> SAML Response (String)
   -> sent to the PEP (SAMLResponse)

PEP (Policy Enforcement Point), response side:
   SAML Response (String)
   -> Unmarshall -> Response (XMLObject)
   -> Validate (Issuer and Signature)
   -> Get Assertion
   -> Validate Issuer
   -> Get Statement
   -> Get XACML Response
   -> Get Decision

A sample XACML request used:

<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
       <xacml-context:Subject>
            <xacml-context:Attribute
                 AttributeId="urn:oasis:names:tc:xacml:2.0:subject:subject-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="testissuer">
                 <xacml-context:AttributeValue>admin</xacml-context:AttributeValue>
            </xacml-context:Attribute>
       </xacml-context:Subject>

       <xacml-context:Resource>
            <xacml-context:Attribute
                 AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
                 <xacml-context:AttributeValue>http://localhost:8280/services/echo/
                 </xacml-context:AttributeValue>
            </xacml-context:Attribute>
       </xacml-context:Resource>

       <xacml-context:Action>
            <xacml-context:Attribute
                 AttributeId="urn:oasis:names:tc:xacml:2.0:action:action-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
                 <xacml-context:AttributeValue>read</xacml-context:AttributeValue>
            </xacml-context:Attribute>
       </xacml-context:Action>
       <xacml-context:Environment/>
</xacml-context:Request>


After making XACMLAuthzDecisionQuery out of the above request:

<xacml-samlp:XACMLAuthzDecisionQueryType InputContextOnly="true"
    IssueInstant="2011-09-23T08:20:47.384Z" ReturnContext="false" Version="2.0"
    xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol">
<saml:Issuer SPProvidedID="SPPProvierId"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="">
   <ds:Transforms>
     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
     <ec:InclusiveNamespaces PrefixList="ds saml xacml-context xacml-samlp"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>cf2rlbqqDa5lwvoAKwRcLUxhaco=</ds:DigestValue>
   </ds:Reference>
  </ds:SignedInfo>
<ds:SignatureValue>AwhSsvaV3Y0Ne97TARUlce5H1bS3F2/MHl7QJ4gVddjsR+O2fvG8Kz0
kE9Y6zbA+zotfmPbvK2TgCOz+LVZw2Clcn+4uJ/RZlOSbnlxmQyNgWT2vqMoEf83q+HiLE0
afZv42gw1k=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQs
wCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZp


ZXcxDTALBgNVBAo+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6F
jFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEt
VZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<xacml-context:Request> …</xacml-context:Request>
</xacml-samlp:XACMLAuthzDecisionQueryType>



Following is the structure of the above XACMLAuthzDecisionQueryType:

    XACMLAuthzDecisionQueryType
       Signature
          Signed Info
       XACML Request

       Figure 2.4 The Structure of the XACMLAuthzDecisionQueryType



For the XACML response, a sample response was also used, and the SAML response was generated
with the same kind of procedure, meeting the constraints mentioned in the OASIS SAML to XACML
profile, which was a bit more complex than creating the XACMLAuthzDecisionQuery. The inputs
and output look as follows.

A sample XACML response that will come as the decision from the PDP:



<xacml-context:Response xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
       <xacml-context:Result ResourceId="CE.pakgrid.org.pk:2119/jobmanager-lcgpbs-dteam/dteam">
            <xacml-context:Decision>Permit</xacml-context:Decision>
            <xacml-context:Status>
                 <xacml-context:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
            </xacml-context:Status>
            <xacml-context:Obligations xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
                 <xacml-context:Obligation FulfillOn="Permit" ObligationId="MappingData">
                      <xacml-context:AttributeAssignment AttributeId="User"
                           DataType="http://www.w3.org/2001/XMLSchema#string">.poolname</xacml-context:AttributeAssignment>
                 </xacml-context:Obligation>
            </xacml-context:Obligations>
       </xacml-context:Result>
</xacml-context:Response>



The response says whether to allow the request to reach the service or not as the decision given
from PDP according to the enabled policies.




A Sample SAML Response That Will Come To PEP From PDP:
<samlp:Response IssueInstant="2011-09-23T08:24:35.878Z" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer SPProvidedID="SPPProvierId"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml:Issuer>
<saml:Assertion ID="ohncaenlemlghggmfdncjionjejaimfnpckmaofj"
    IssueInstant="2011-09-23T08:24:35.809Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer SPProvidedID="SPPProvierId"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#ohncaenlemlghggmfdncjionjejaimfnpckmaofj">
  <ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
   <ec:InclusiveNamespaces PrefixList="ds saml xacml-context xacml-saml"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   </ds:Transform>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <ds:DigestValue>JaEObAc3AhIxT3cdovUIFElsn5E=</ds:DigestValue>
 </ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>dGRvdBmjOFTNsgHmVreFm400JMYFPHvOq/O3V0EQNad6eeiFU6KA
us+1u8FkS7JEg5Q66z2VfKJ7xF+fTwBLhi0fZdFsYJebtuzOld2ostvyXbdL2f5Noxj3p1Ir1Cm3n
wR+QK5k9FjT2T6xCw6AdvzcbzFImhsiO/DE1yv2QdY=</ds:SignatureValue>



<ds:KeyInfo>
 <ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQs
wCQYDVQQGEwJVUzELMAkGA1UECAwQCUp/oV1vWc8/
TrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPA
wDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rH
ANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9J
ogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=
 </ds:X509Certificate>
 </ds:X509Data>
</ds:KeyInfo>


</ds:Signature>
 <saml:Statement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
   <xacml-context:Response>…</xacml-context:Response>
 </saml:Statement>
 </saml:Assertion>
</samlp:Response>



Following is the structure of the above SAML Response:

    SAML Response
       SAML Assertion
          Statement
             XACML Response

                        Figure 2.5 The Structure of the SAML Response




In achieving security in server-to-server communication in this context, the signing process
plays a great role. It helps to avoid the following two issues.

      Tampering - Information in transit is changed and then sent on to the recipient.
      Impersonation - Information passes to a person who pretends to be the intended recipient.

It was noted that adding the signature in this way does not provide confidentiality, and also
that it is not a requirement in this context.

By completing this project, I became familiar with the concept of signing with public keys and
private keys. Though it looks like unreadable scratch to the human eye in the sample queries and
responses given above, it involves a lot of logic and calculation to provide secured
transformation of information.




Signing

             • Document to be signed
             • In the Entitlement Handler: SAML Assertion or XACMLAuthzDecisionQuery

             • Calculate the document fingerprint with an algorithm
             • Encrypt it with the private key and set the X509Certificate and the public key

             • Generate the digitally signed document, embedding the signature into it

                           Figure 2.6 Signing Procedure

Validation

             • Access the received document and the digital signature separately
             • Calculate the fingerprint using the same algorithm that was used for signing

             • Decrypt the encrypted fingerprint sent with the signature, using the public key
               of the sender

             • Compare the calculated and decrypted fingerprints
             • If they are the same, the message has not been altered

                        Figure 2.7 Validation Process
Signing in code level

private static Assertion setSignature(Assertion assertion, String signatureAlgorithm,
                                      X509Credential cred) throws IdentityException {
    doBootstrap();
    try {
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        // Signing object is also passed as it is needed to create the fingerprint
        signature.setSigningCredential(cred);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // Build the KeyInfo that carries the signer's X509 certificate
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert =
                (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = org.apache.xml.security.utils.Base64.encode(
                cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);

        assertion.setSignature(signature);
        List<Signature> signatureList = new ArrayList<Signature>();
        signatureList.add(signature);

        // Marshall and Sign
        MarshallerFactory marshallerFactory =
                org.opensaml.xml.Configuration.getMarshallerFactory();
        Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
        marshaller.marshall(assertion);

        org.apache.xml.security.Init.init();
        // Signer signs with the built signature that is set with keyinfo that includes the
        // X509 certificate built from credentials
        Signer.signObjects(signatureList);
        return assertion;
    } catch (Exception e) {
        // Marshalling, certificate encoding and signing all throw checked exceptions
        throw new IdentityException("Error while signing the assertion", e);
    }
}



It should be mentioned that with the OpenSAML library, the signing and validation process can be
done quite easily despite the complexity behind the process.
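The validation steps of Figure 2.7 as a PEP would apply them before reading the decision, written as an added example (not code from this report or from WSO2 Identity Server). It uses the JDK's javax.xml.crypto.dsig API instead of OpenSAML, signs a bare XACML response rather than a full SAML Response, uses RSA-SHA256 where the samples above show rsa-sha1, and generates its keys in-process; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Collections;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class PepDecisionCheck {   // hypothetical name, not a class from IS
    static final String XACML_CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed sample: a minimal XACML response standing in for the signed message.
    static final String SAMPLE =
        "<xacml-context:Response xmlns:xacml-context=\"" + XACML_CTX + "\">"
      + "<xacml-context:Result><xacml-context:Decision>Permit</xacml-context:Decision>"
      + "</xacml-context:Result></xacml-context:Response>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // XML signatures need namespace-aware DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // PDP side: enveloped signature over the whole document (Reference URI="").
    static void sign(Document doc, KeyPair kp) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                                          (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null)
           .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
    }

    // PEP side: verify with a key the PEP already trusts (e.g. from its trust store),
    // never with whatever certificate the message itself carries in KeyInfo.
    static boolean signatureValid(Document doc, PublicKey trustedKey) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;            // unsigned or ambiguous
        Node sig = sigs.item(0);
        if (!sig.getParentNode().isSameNode(doc.getDocumentElement())) return false;
        DOMValidateContext ctx = new DOMValidateContext(trustedKey, sig);
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }

    // Read the decision only after validation; any error or doubt means "not permitted".
    static boolean permitted(Document doc, PublicKey trustedKey) {
        try {
            if (!signatureValid(doc, trustedKey)) return false;
            NodeList d = doc.getElementsByTagNameNS(XACML_CTX, "Decision");
            return d.getLength() == 1 && "Permit".equals(d.item(0).getTextContent().trim());
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pdp = gen.generateKeyPair();     // stands in for the PDP's key pair
        KeyPair other = gen.generateKeyPair();   // a key the PEP does not trust

        Document ok = parse(SAMPLE);
        sign(ok, pdp);
        System.out.println("signed by trusted PDP key : " + permitted(ok, pdp.getPublic()));
        System.out.println("checked against other key : " + permitted(ok, other.getPublic()));

        // A signed Deny whose decision text is changed after signing must fail validation.
        Document altered = parse(SAMPLE.replace("Permit", "Deny"));
        sign(altered, pdp);
        altered.getElementsByTagNameNS(XACML_CTX, "Decision").item(0).setTextContent("Permit");
        System.out.println("decision altered in transit: "
                           + permitted(altered, pdp.getPublic()));
    }
}
```

Only the first check reports the request as permitted; the untrusted key and the altered decision are both rejected because the recomputed fingerprint no longer matches the signed one.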




2.6 Other Technical Experiences


2.6.1 Apache Team
This was voluntary work that I joined out of my interest in learning more about Apache products.
It was a wonderful experience in which we were introduced to how to contribute to the ASF. This
was done in a milestone pattern: we met at the beginning and had a discussion guided by Mr.
Sagara Gunathunga, Committer/PMC member at The Apache Software Foundation and Tech
Lead at WSO2, and set a bi-weekly milestone. Then we met again after two weeks, reviewed what
we had done and set the next milestone.

I started my work by trying to write a sample for the Apache-Transport-SMS module and had to
pause it for a while as I got stuck installing the Java Communication API on my machine. I was
advised not to stay stuck on that and to proceed with solving some other issues in the Apache
JIRA. I resolved the following documentation issues and wrote a post on my blog on
'Documentation-patch submission for Apache issues'
(http://pushpalankajaya.blogspot.com/2011/09/documentation-patch-submission-for.html), hoping
that someone who is beginning to contribute to Apache will benefit.


   1. Client.java in UserGuide has syntax errors -
       https://issues.apache.org/jira/browse/AXIS2-4655
   2. Configuration guide should clearly state the root elements and locations for axis2.xml
       services.xml and module.xml - https://issues.apache.org/jira/browse/AXIS2-5069
   3. RESTClient documentation example differs from RESTClient.java source file -
       https://issues.apache.org/jira/browse/AXIS2-5138

Problem – Installation of the Java Communication API was not successful even when I followed the
steps in the guide, and I could not call the web service using an SMS.

Solution – I consulted several senior employees to find the error and tried a lot of options,
including changing the OS to Windows. Finally I found that the developer of the SMS module, Mr.
Charith Wickramasinghe, is also an employee at WSO2. He was abroad, so I contacted him via
email and got guidance. With that I could resolve the problem.

The following files have to be added to the Axis2-HOME/lib directory, paying attention to
matching the versions used.

      axis2-transport-sms-1.0.0.jar
      smslib-3.4.1.jar
      mail-1.4.jar
      axis2-transport-base-1.0.0.jar

For the Java Communication API installation, the following files should be copied to the
jre-home/lib/ext/ directory and, if that does not work well, to Axis2-Home/lib.

      comm.jar
      libLinuxSerialParallel.so
      libLinuxSerialParallel_g.so

As the next step I have to document this properly and submit the patch explaining the procedures.
As I gave priority to my main task, this work was a bit delayed. But as getting introduced to the
Apache community was the hard part, I can now proceed with this individually even though I am out
of the company. So I think I did the right thing in giving priority to my main project,
'Implement SAML to XACML', as it was my responsibility, while this is voluntary work that I can
continue even later.


2.6.2 Training Sessions
After the release of Stratos, the cloud platform, WSO2 started a weekly training program which
was conducted by senior employees on topics suggested by the rest of the staff and on things that
are recognized as important. It was conducted every Wednesday from 10.30 – 12.30, and in
Moodle we could register for the courses we were interested in and learn new things. This was a
great opportunity for us to learn from the industry experts what is needed in the industry, and I
participated in the following sessions.

HTTP Basics – Got introduced to how the web basically works and wrote the first ever servlet of
my life.

WS-Security Basics – Got a few security concepts clarified about which I had some ambiguities,
and learnt more on PKI.

XML Basics – Learnt that XML is not just typing something with tags, and got familiar with
namespaces and schema.




2.7 Other Non – Technical Experiences


In addition to the technical exposure I got at WSO2, there were many activities I was exposed to
within the internship period. WSO2 did not treat us differently as interns and gave us all the
opportunities to participate in the events organized at the office and enjoy them with the staff.

2.7.1 Demonstration
Before I got my 6 weeks' leave from WSO2 to take part in the MIT-UOM mobile technology
incubation program, I did a presentation on the work I had done so far. It was held in the board
room of the WSO2 office at #59 and was attended by Dr. Sanjiva Weerawarana, CEO, Dr. Srinath
Perera, senior software architect, and members of the IS team including Mr. Prabath Siriwardena
and my mentor Mr. Asela Pathberiya.

I got to know about this just a day before, and it was a challenging experience. I tried to
present the Entitlement Handler that I had finished, and while trying to demonstrate it in action
it failed. Later I found that I had forgotten to start the server in debug mode. No one there
discouraged me; they just encouraged me to continue the presentation, and I explained its
functionality without the demonstration.

       This was a nice lesson I learnt for my life, not to panic in such situations, and I am
          glad that I continued the presentation well without it. I learnt that we should always
          be prepared, as such things can go wrong sometimes, and I am pretty sure that next time
          I will be better defended against such a situation with backup plans.

I also presented my progress in implementing SAML to XACML, and this initiated a
discussion among the board on how things are going to be done and where this implementation is
going to reside in the architecture. It was also a very nice experience for me that I could be
there and see how things are decided at WSO2, with discussions that are held so informally,
giving anyone the freedom to put forward their ideas and support ideas with thoughts.

This demonstration is an unforgettable experience in my life. It encouraged me to work hard,
and I am so grateful for the opportunity given.

There were also two training visits from the department during the internship period. The
first visit was by Dr. Rapti de Silva and the last one was by Mr. Thilak Fernando from the
Department of Computer Science and Engineering. I explained my experience at WSO2 to them,
and both of them gave me good feedback and advised me to carry on the good work.



2.7.2 WSO2 Annual Trip
This year's annual trip of the WSO2 family was to Heritance Kandalama, and a lot of events were
organized to make it more fun for three days. We had many luxury facilities there, courtesy of
WSO2, and gathered many beautiful memories. This was a great chance to meet the office staff in
a non-official environment, and they all treated us in a very friendly way. Following are two
major activities which were held during the trip and which I enjoyed very much. It was a great
gift given by the company for its employees to enjoy with their families, away from day-to-day
office work.




2.7.2.1 Awurudu Games
As it was the Sinhalese and Tamil New Year season, there was an event organized by the company
at the hotel premises. It was full of fun Awurudu games, and I too participated in several of
them. All the staff members and their family members participated in this event, and catching
eggs, passing ice and the adults' bun-eating event were a few of the hits there. Everyone enjoyed
the event to the maximum and felt the spirit and beauty of the WSO2 family.




2.7.2.2 CSR Activity
Being at Heritance Kandalama, we did not just enjoy the luxury and the stay, but also worked for
spiritual relief and happiness. Here
(http://pushpalankajaya.blogspot.com/p/csr-activity-with-wso2-staff.html) is the blog page I
wrote on this experience, with the great pleasure I had in being a contributor to the event.

After the 'Awurudu games' we visited Bellane Oya Primary School, which was a less privileged
school, and it was the idea of Dr. Sanjiva Weerawarana, CEO of the company, to help such a
school in the area. Funds were raised with contributions from both the company and employees, and
finally volunteers could join in visiting the school, helping them clear an area for a
playground and checking what else they needed.

They warmly welcomed us when we approached, which was by a very narrow road. This reminded me of
my primary education at Kirindiwela Maha Vidyalaya, which was somewhat similar to this school in
background, and it really took me back to my childhood. In his address to the school children,
Dr. Sanjiva mentioned that a lot of the employees of the company were like those kids some time
ago and had emerged with courage. His intention was to encourage the students, and I am sure that
at least a few of them have raised their hopes and courage with that. It would be a great
occasion if one of them could make it to WSO2 for their career in the future.




2.7.3 Sports, Entertainment and other activities
The office premises of WSO2 are arranged more like a home, with all the facilities for the
staff to work in a free environment, enjoying whatever they are doing. There is even a
basketball court in the office premises, and staff normally play there in the evenings.

In addition to the basketball court, there are many other activities available to enjoy at any
time we are feeling bored. Near the lunch area there is a carrom board, a foosball table and
arrangements to play table tennis, where I used to gather a team after lunch or tea and play for
a few minutes. This was a great facility arranged there to relax a bit, stretching our hands
after working in front of a laptop, and to work again refreshed. It was also a place where I got
to know many of the staff.

In the Wesak season all the Wesak lanterns that decorated the office were made by the office
staff together. There is also a television in the lobby area, and on important occasions people
gather there and watch together.

In the earlier days of my internship at WSO2, each Friday there was a special talk by Dr. Sanjiva
regarding many aspects, including the history of WSO2, the future of WSO2, and also the
importance of blogging for the company as a marketing method specific to a middleware and
open source company. I can very well remember one thing he mentioned: never to write
anything that we do not truly believe, and to take responsibility for whatever we write. He
gave a lot of tips to improve ourselves, as WSO2 promotes the personal branding of employees. He
freely shared his experience and updated the staff on what was going on regarding the company,
including the funds the company received, new customers found, profits and growth, pointed out
any weaknesses and encouraged people to do their maximum. I think it is a great idea to talk to
the staff as a whole each week, and it was so inspiring.

All these just represent the close connection inside the WSO2 family.




Experience at WSO2 as an Intern
Experience at WSO2 as an Intern

  • 1. UNIVERSITY OF MORATUWA Faculty of Engineering Non-GPA Module 399: Industrial Training TRAINING REPORT Field : Computer Science and Engineering Name : M.K.P.R. Jayawardhana Registration Number : 080201N Field : Computer Science and Engineering Training Establishment : WSO2 Lanka (pvt) Ltd Training Period : (28.02.2011 -24.06.2011) – (12.08.2011-23.09.2011) Date of Submission : 01.10.2011 Page | - 0 -
  • 2. PREFACE This document is presented at the end of the internship period I had from 28th February 2011 – 23rd September 2011 at WSO2 Lanka (pvt) Ltd, No. 59, Flower Road, Colombo 07 as a trainee software engineer. The document is arranged into three main chapters that present different aspects of the training I got. This contains basic information about the establishment and deep information on the training I received and my personal views on the internship period considering the whole experience. The first chapter is dedicated to the information on the training establishment. Without having a good understanding about the functionalities of the company, the procedures, organization hierarchy and structure it is difficult to comfortable move with the staff, getting things done in the correct way. To give my maximum contribution while learning from the company I have to have a good understanding on the business the company is involved in and the technologies and development standards and models they follow. With all these, this chapter also includes my personal score on the current performance of WSO2. The second chapter is totally dedicated to the experience I had in internship period. This includes all the technical work; I was exposed to as well as the non-technical experiences. This describes how I completed the tasks I was given and how I resolved the difficulties I came across while doing them. In explaining the task, the implementations were mostly described using diagrams that I feel it is the best way to present them and samples are given at relevant places which I actually used for testing purposes and outcomes of them. This technical section in detail describes the functionality of the Entitlement handler and implementation of SAML to XACML in the WSO2 Identity Server with an introduction to the tools I used and the security concepts I got familiar with while doing that. 
The technologies I got exposed are also discussed with what I have learnt from them. The non-technical experiences such as trips and WSO2Con-2011 are described considering the great effects they had on building up a professional personality within me, getting to know more of the staff, company and industry practices. In the third chapter, I have discussed the effectiveness and personal feelings towards training as a whole. Also it provides a personal assessment on own experience and the whole industrial training programme from the co-ordination to the end, with suggestions to improve. Page | i
  • 3. ACKNOWLEDGEMENTS At the very beginning of this report on my work in the internship period, it‟s my privilege to thank the people who contribute to make it such a great experience for my life. If not for the support of them, from arranging training establishment selections to successful completion of the 24 weeks, it would not be this effective. I heart fully thank Ms. Vishakha Nanayakkara, the former Head of Department, Computer Science and Engineering, University of Moratuwa for the immense effort taken to provide us with best training establishments. Also the guidance given on how to extract the value of this internship period was invaluable. Also I am so grateful to Dr. Malaka Walpola, the Industrial Training Coordinator for the huge commitment shown in making sure each and every student is getting a training establishment. The support given by resolving our selections, organizing mock interviews, coordinating with the industry and giving friendly guidance whenever needed is incomparably great. Also I must thank all the members in Industrial Training Division of the University of Moratuwa and NAITA (National Apprentice and Industrial Training Authority) for guiding us from the very beginning and for the work carried out throughout our internship period to make it a success, giving us a complete experience in the industry. I am so grateful to Dr. Sanjiva Weerawarana, Founder, Chairman and CEO of WSO2 for giving us this invaluable opportunity to learn in an internationally recognized company within a friendly environment. Then I would like to thank Mr. Supun Kamburugamuva, Technical Lead and Mr. Selvaratnam Uthaiyashankar who interviewed me and recommended me for the internship at WSO2. Also I am thankful to Mr. Samisa Abeysinghe, VP of Engineering for the given guidance on how to improve and proceed using the resources provided and for giving us the opportunity to feel the beauty of a technical career giving appropriate responsibilities. 
I am thankful to Ms. Udeshika Ratnavira, Senior Manager, Administration and HR, for the friendly support given in any issue I came up with. The work done in coordination with university and making us a part of the WSO2 family is really appreciated. Page | ii
  • 4. I am so much grateful to the IS (Identity Server) team for all the support given throughout my stay at WSO2. I specially thank Mr. Asela Pathberiya, Senior Software Engineer, assigned mentor for me, for immense support and guidance given in completing any task given to me. Highly appreciate the support given at anytime, instead of the busy schedules and so grateful for the kind clarifications done whenever I was stuck. Also I am thankful to Mr. Prabath Siriwardena Architect & Product Manager – Carbon Platform & Security, for great selection of works assigned to me. The flow of work assigned to me, was well organized so that I could grow step by step. I am thankful to the whole IS team including Mr. Thilina Buddhika and Ms. Hasini Ganasinghe for the friendly environment and support given throughout my internship period. I am thankful to each and every member of the WSO2 family in technical, non-technical and support staff, for the friendly environment provided and been a helping hand whenever needed. I did not have to worry having any technical issue or non-technical issue that there was always someone I could get help from or ask guidance. Thank you very much everyone for making this internship period such a fruitful experience for my life, widening my horizons! Page | iii
  • 5. Table of Contents
1 Introduction to the Training Establishment
1.1 WSO2 Incorporated
1.2 Evolution of WSO2
1.3 WSO2 Vision
1.3.1 Reinvent the Technology
1.3.2 Reinvent the Business Relationship
1.3.3 Reinvent the Support Model
1.3.4 Create a Great Place to Work
1.4 WSO2 Business Model
1.4.1 Support and Service model
1.5 Organizational Structure
1.5.1 Employee Hierarchy
1.5.2 Communication
1.5.3 The WSO2 Team
1.6 WSO2 Products and Services
1.7 Performance of WSO2
1.7.1 Strengths
1.7.2 Weaknesses
1.7.3 Service to Sri Lankan Society
1.8 Suggestions to Improve
2 Training Experience
2.1 Joining WSO2 Family
2.2 Induction
2.3 Development Environment
  • 6. 2.4 Hands on Ws – Security
2.4.1 Sample Client for IS
2.4.2 Entitlement Handler
2.5 Implement SAML to XACML
2.6 Other Technical Experiences
2.6.1 Apache Team
2.6.2 Training Sessions
2.7 Other Non – Technical Experiences
2.7.1 Demonstration
2.7.2 WSO2 Annual Trip
2.7.3 Sports, Entertainment and other activities
2.8 WSO2Con – 2011
3 Conclusion
3.1 Importance of Industrial Training
3.2 Satisfaction
3.3 WSO2 as a Training Establishment
3.4 Overall Training Programme
  • 7. List of Figures
Figure 1.1 WSO2 Company Logo
Figure 1.2 Employee Hierarchy
Figure 2.1 Entitlement Handler Structure
Figure 2.2 Inside .mar file Entitlement Handler
Figure 2.3 Flow of secured server to server communication
Figure 2.4 The Structure of the XACMLAuthzDecisionQueryType
Figure 2.5 The Structure of the SAML Response
Figure 2.6 Signing Procedure
Figure 2.7 Validation Process
  • 8. 1 Introduction to the Training Establishment
1.1 WSO2 Incorporated
Figure 1.1 WSO2 Company Logo
As the name WSO2 stands for Web Services Oxygen, the company is truly about giving a deep breath of relief to people who are looking for enterprise solutions in the web space. Founded in 2005 by pioneers in XML and web services technologies and standards as well as open source, WSO2 offers a complete SOA platform that is 100% free and open source, and more recently it has taken a cloud approach through WSO2 Stratos, the world's only 100% open source PaaS. WSO2 is mainly focused on developing and producing top quality products, which are based on the free and open source Apache software stack. Hence all of the products are released under the Apache Software License.
The company consists of a locally and globally recognized set of passionate software engineers who enjoy their dedication to the industry. Most of them are committers on software projects such as Axis2, Rampart, Synapse, Sandesha, Transport, Cassandra and Commons of the Apache foundation, and in various other software communities including Eclipse, Ruby and Rails. All the products at WSO2 are developed around one core called the 'core carbon framework', which is based on Apache Axis2, and the company encourages employees to build their own personal brand by contributing to these projects.
In providing web based solutions, WSO2 offers 12 servers that together form a well designed environment for implementing a business solution in an agile manner. For example, WSO2 IS can be shaped into a customized environment providing authentication and authorization services to a shopping context or to a military context. StratosLive provides all the services of these servers 100% free in the cloud environment.
  • 9. With the products being 100% free and open source, someone may wonder whether this can make a sustainable business. The business strategy at WSO2 is to provide training, support and consultancy for its products to customers. The products are free to download, test and play with; if a customer wants WSO2 support and training to bring up a business solution, they are charged for that service. The company maintains a SOA developer portal called 'WSO2 Oxygen Tank', which includes a knowledge base, articles, webinars, screencasts and tutorials, creating an online resource center for anyone who is willing to try WSO2 products at no cost.
Apart from Apache, being an open source company WSO2 has built many connections around the world, a few of which are listed below:
      • The World Wide Web Consortium (W3C)
      • OpenID Foundation
      • NBQSA Competitions
      • AMQP Working Group
      • SOAP, WSDL and WS-SEC standards
      • OCERT and OAuth
      • Microsoft's InterOP Vendor Alliance
      • InfoCard Foundation
      • OASIS
WSO2 is a global company with offices in the USA, the UK and Sri Lanka, and has customers worldwide. The UK office is mainly focused on marketing and customer relations, and the newly opened USA office at Palo Alto is in its growing stages regarding technical development activities. The branch in Sri Lanka acts as the main research and development center of WSO2 and currently operates from three offices at No.59, Flower Rd, Colombo 07, No.50, Flower Rd, Colombo 07 and No.58, Dharmapala Mw, Kollupitiya.
Being just 6 years old in the industry, WSO2 has shown such immense growth that customers have sometimes admired WSO2 above industry giants like IBM and Oracle. Recently it has been stated to be one of the top ten open-source SOA companies in the world, with a comparatively small team. WSO2 has brought a lot of opportunities to Sri Lankans and is growing smarter day by day, marking the Sri Lankan contribution to the software industry.
  • 10. 1.2 Evolution of WSO2
04th August 2005 is declared as the birthday of WSO2. That date was selected because a lot of important things regarding the company happened around that day, within August to September, such as the incorporation of the USA company, the incorporation of the Sri Lankan company and the incorporation of the UK company. At first the co-founders of WSO2 named it 'Serendib Systems' and later changed the name at the request of an investor [2]. With the funding received from the investors, the company then proceeded with the implementation of the carbon platform with the group of experts it had at the time, and after a few hard times the company emerged into the middleware industry with a lot of effort and sacrifice from the team. Currently WSO2 stands as a competitor to giants like Oracle and IBM, who have been in the business for decades.
1.3 WSO2 Vision
WSO2 has a very clear vision regarding the platform, customers, employees and growth, and everything is decided on these basics. The following are the four categories that make up the WSO2 vision to lead the company to success and compete globally.
1.3.1 Reinvent the Technology
At the time WSO2 was founded there were many giants in the industry, like Oracle and IBM, and WSO2 still entered the market segment with the belief that it could reinvent the technology in a better way: a way that is simpler and more straightforward from project conception through to long-term production management. WSO2 had the advantage that it could start from scratch, take full benefit of hindsight, and develop the most advanced middleware platform available today. Knowing the pitfalls in advance, the platform was designed defensively to overcome those issues and increase performance. By using the OSGi framework, WSO2's component model enables a lean, high-performance approach with self-consistency across the platform, and it is fully customizable, adapting to your project.
  • 11. Instead of forcing the project to adapt to the middleware, WSO2 provides the flexibility to be customized as the customer needs. By building multi-tenancy, elasticity, instant provisioning and metering into the whole platform and making it available as a service (PaaS) in public and private clouds, WSO2 is playing a great role in cloud computing too.
1.3.2 Reinvent the Business Relationship
Although the technology at WSO2 is leading edge, the core value is recognized as the quality of the business relationship with the customer. So WSO2 has taken radical steps to become a customer-oriented company. All the software is 100% open source, built under a fully open and transparent development process on the wso2.org mailing lists and at the ASF. There are no license fees or trial versions that expire within a period, as all the products are released under the Apache License 2.0, which means that there is no restriction on the products. There is no community license or evaluation license, and anyone using the same version of a product has the same functionality. The unique value WSO2 brings to its products is the relationship built with customers in customizing the products to reach the maximum efficiency for the customer's context. Through the highest quality training, support, consulting services, 24x7x365 production support, or an entire solution, WSO2's sole objective is to tailor its world-class expertise to each customer's unique needs.
1.3.3 Reinvent the Support Model
As support is essential for a critical enterprise system, WSO2 provides a very good customer support service, understanding the great responsibility of running such a system. Using the WSO2 online support system, a customer issue can quickly be directed to the best source of expertise: the WSO2 developers on the product or the committers to the open source project. WSO2 support lets the customer interact directly with the best person in the world to resolve their issues quickly, as there are no separate support engineers.
The people who build the product are the support engineers too, as they know every nook and corner of the product well. When necessary, WSO2 provides hot fixes, patches and service packs to keep the customer installation running efficiently.
  • 12. Going beyond production support, the WSO2 support and service model allows customers to purchase just the services they need, without being forced to pay for bundled services of little value. WSO2 believes that satisfied and successful customers are the best way to make WSO2 a successful company in the global middleware market.
1.3.4 Create a Great Place to Work
After years in IBM Research, CEO and co-founder Sanjiva Weerawarana had a dream not only to reinvent the technology, business relationships and support model for enterprise software, but also to bring Silicon Valley-style entrepreneurialism to Sri Lanka. As a result, the heart of WSO2 development and operations is centralized in Colombo, Sri Lanka. With close relationships to the top local universities, a creative spirit and global leadership in open source technologies, WSO2 has become a hotbed for local innovators. WSO2 made being an Apache committer a reality for Sri Lankans, which was once an unreachable dream. WSO2 has encouraged the personal development of its employees, even to the point of leaving the company for doctoral studies abroad. These employees are encouraged to return to WSO2, to found other entrepreneurial companies in Sri Lanka, or to find employment in other organizations where they can invest their talents to make Sri Lanka and the whole world a better place to live.
I love this vision of WSO2 a lot, as it is not running after money or fame. It has built a sustainable business that benefits customers, the company and its employees, and finally adds value to Sri Lanka and the whole world. As the vision says, WSO2 is truly a bed for innovators who are not afraid to try.
  • 13. 1.4 WSO2 Business Model
As WSO2 is a 100% FOSS company, the products are available free of charge to be downloaded by anyone, and the source code is also available, so that using a build tool like Maven anyone can build the product with any modifications they wish. Therefore, to build a sustainable company, it has to adopt a different but feasible business model to operate on. WSO2 has adopted a very feasible and unique business model to move forward competitively in the middleware arena, which already had industry giants such as Oracle and IBM. By making its products downloadable free of charge, WSO2 attracts customers from Oracle and IBM, where they have to pay. That was a good way to enter the market, as people consider the capital cost a lot. But in an enterprise system a customer will not take the risk of lower performance or quality, and will definitely consider the availability of 24x7x365 support. That is where WSO2 identified the opportunity to make money: selling software support, consultancy and training for the product stack that is based on SOA and web services. Additionally, client projects are also carried out. With this business model WSO2 has been able to compete with the giants that existed in the middleware industry, and has been preferred by customers over IBM, Oracle etc. after just six years.
1.4.1 Support and Service model
The services WSO2 offers are:
      • Consultation (Evaluation Support)
      • Training
      • Development Support
      • On-site training (lectures, seminars, conferences etc.)
      • Off-site training (webinars, podcasts, Self-Paced Training etc.)
      • Production Support
Apart from these programs there are also the Quick Start and Cloud Start programs.
  • 14. 1.4.1.1 Evaluation Support
This is designed to help customers in the early stages of middleware projects, especially when there are advanced technology challenges to meet. WSO2 experts can guide customers in technology selection, product selection/evaluation and migration/integration strategies. For qualified customers some of the services in this model are free of charge.
1.4.1.2 Quick Start Program (QSP)
WSO2 Quick Start is a rapid program that brings world class expert developers and architects onsite to work in collaboration with the customer's team. The program also includes follow-up support with a period of online Development Support. The QSP is conducted within just one week.
1.4.1.3 Cloud Start
The Cloud Start program is designed to get WSO2 Stratos, the carbon platform as a PaaS, installed and ready for the customer enterprise. Cloud Start brings two senior WSO2 engineers on site for 5 business days to work with the customer team. This program is mainly targeted at deploying and configuring WSO2 Stratos on the client's cloud infrastructure and providing the relevant training on it.
1.4.1.4 Development Support
At this level of support the experts from WSO2 directly assist the client's engineering team during development. WSO2 offers Development Support to help migrate, integrate, optimize and manage the customer's enterprise middleware deployments. By providing a direct channel between client engineering teams and the WSO2 team during the critical development stages, this becomes a catalyst for reaching the intended product sooner. Customers get these benefits through this model:
      • Migrating from expensive proprietary middleware products
      • Integrating with other middleware and infrastructure products
      • Tuning for performance and security
      • Developing custom product features
  • 15. 1.4.1.5 Production Support
A system in production is defined as one that performs, or assists in performing, legally binding transactions and is used by end-users, where a failure of the system will have an immediate economic impact on the organization. Understanding the critical nature of this, WSO2 has designed a support mechanism which guarantees that the WSO2 middleware infrastructure enables the client applications to be available 24x7x365, as mentioned in annex, A3. Production Support customers are eligible to receive the latest feature upgrades, product patches and service packs. A Subscriber shall reasonably determine the severity level of Errors according to the protocols attached in the annex as A2.
1.4.1.6 TurnKey Packages
Although WSO2 offers a full menu of products and services, it also offers complete turnkey solution packages. The major support features supplied with these are ongoing twenty-four-hour enterprise-level maintenance of the entire client system, and installing and provisioning WSO2's lean, high-performance Carbon platform to run, govern, manage and monitor the solution. They also provide a pre-validated architecture template set to address specific business scenarios and requirements. Here the WSO2 staff manage and implement the project for the customer, from conception to deployment to maintenance, in specific areas such as:
      • Mobile Services Gateway
      • FIX Gateway
      • SAP Message Gateway
      • Customized solutions
WSO2 is committed to giving the customer the best service, and all the staff work with dedication towards that.
  • 16. 1.5 Organizational Structure
WSO2 has a very flat and informal structure inside the company and everyone is treated equally. At WSO2Con Mr. Samisa Abeysinghe mentioned that 'at WSO2 we do not have resources, we have the WSO2 team', which I experienced throughout my stay.
1.5.1 Employee Hierarchy
The sole purpose of keeping this hierarchy is for management activities carried out by Human Resources Management, and it has no effect on technical decisions: even an idea from an intern like me is considered and accepted if it is well supported with facts. This flat hierarchy is very helpful for fast decision making in agile software development, as the company has put its trust in its employees to do the best thing in a given situation.
Figure 1.2 Employee Hierarchy
  • 17. 1.5.2 Communication
Communication inside WSO2 is very transparent: everything goes through the mailing lists of the company domain, which is also a very fast way of fixing anything. This transparency allows maximum productivity, as confusion is greatly reduced. The following are a few of the mailing lists.
Team – Anything regarding the whole WSO2 team goes here, e.g. organizing trips, seating plans
Support – dev – This focuses on support for the developers
Training – To discuss things related to training inside WSO2 and outside events that employees can participate in
Marketing – To discuss matters related to marketing strategy etc. Anyone can post their ideas here on how to promote WSO2 products
Operations – Any issue regarding the daily operations of the company goes here, e.g. cleaning
Infrastructure – Any matter regarding the network, WSO2 servers etc. goes here
Vacation – Any kind of leave taken should be reported here
News – Any news regarding the industry that seems useful for the company is posted here
Club – Jokes and other stuff go here, mostly for fun
Also there is no restriction on talking to anyone, and we could even easily go to Dr. Sanjiva Weerawarana and discuss any issue we had. All the doors are open for people to communicate directly and there is no need to go through a hierarchy.
1.5.3 The WSO2 Team
The WSO2 team consists of the best people in each field, which is the key factor in the company conquering the middleware market so soon. The following is the current composition of the team.
  • 18. Leadership – WSO2 is led by very experienced people from across the globe who have guided the company to this much success in just 6 years.
      • Mr Sanjiva Weerawarana, PhD, Founder, Chairman and CEO
      • Mr Paul Fremantle, PhD, Co-Founder and CTO
      • Mr Jonathan Marsh, VP Business Development and Product Design
      • Ms Monica Pal, VP Marketing
      • Mr Lavi de Silva, VP Global Sales
      • Mr Samisa Abeysinghe, VP Engineering
      • Mr Devaka Randeniya, Senior Director of Sales
      • Mr Paul Broekhoven, Director, European Sales
      • Ms Padmika Dissanaike, VP Finance
      • Ms Puny Navaratne, Director, Legal
      • Ms Hasmin Abdul Cader, Director, Marketing
      • Mr Asanka Abeysinghe, Director, Solutions Architecture
      • Mr Mahesh Markus, Director, Support
      • Mr Afkham Azeez – Director, Architecture
      • Ms Udeshika Ratnavira, Senior Manager, Administration and HR
Advisors - The world class personalities and scholars who guide the company throughout with their experience and valuable insights on the industry are as follows.
      • Mr Larry Augustin – Investor/Advisor
      • Mr Geir Magnusson Jr. – VP Engineering, Joost
      • Mr Brian Behlendorf – Founder & CTO, Collabnet
      • Mr Tom O'Reilly – Founder, O'Reilly Media
      • Mr Patrick Grady – Chairman & CEO, Rearden Commerce
      • Mr Tony Pizi – CIO Platform Engineering, Deutsche Bank
  • 19. Product Teams
The engineering team – The engineers who work on development, research, design and testing fit into this category. It is further divided according to the product they work on, such as the Identity Server team, the Gadget Server team etc.
The sales team – Deals with the customers and liaises between the customers and the developers.
The marketing team – Works on marketing WSO2 products by means of sponsorships, advertisement campaigns, workshops, webinars and so on. Most of the events are organized under the guidance of the marketing team with the support of the whole WSO2 team.
The finance team – Takes care of the accounts, income and expenditure of the company.
The administration team – Provides vital administration and human resource work, handling salary payments, foreign visit arrangements etc.
1.6 WSO2 Products and Services
The high level product categorization of WSO2 is attached in annex, A4. Across the Enterprise Middleware Platform – Carbon, the Cloud Middleware Platform – Stratos and the Java PaaS – StratosLive, the following are the common servers that provide various services matching the environment they run on. There are 12 servers as follows, and I will only explain the functionality of the Identity Server, as that is the server I worked on and became most familiar with.
      • WSO2 Application Server - for service hosting
      • WSO2 Enterprise Service Bus - for mediation services
      • WSO2 Message Broker - for messaging services
      • WSO2 Data Services Server - for managing data sources and data access
      • WSO2 Governance Registry and repository - for managing WSDL, schemas, policies, life cycles and versioning
      • WSO2 Gadget Server - for portal services
  • 20.
      • WSO2 Web Services Frameworks for C, C++ and PHP – provide simple APIs for implementing web services and web service clients
      • WSO2 Identity Server - for authentication, single sign-on and access control
      • WSO2 Business Process Server (BPEL)
      • WSO2 Business Rules Server (JSR-94)
      • WSO2 Complex Event Processing Server
      • WSO2 Business Activity Monitor (JMX)
        (the four servers above - for composing, orchestrating and monitoring business processes and activities)
      • WSO2 Mashup Server
Identity Server (IS)
Image A1,2 in the annex shows the architecture of the IS and image A1,3 shows the specifications of the server. It uses leading edge technologies to provide adjustable high security to web applications and web services. SAML 2.0, OpenID, OAuth, XACML and WS-Security are the standards that IS adheres to, which are the latest technologies in security. It uses the Apache Rampart, WSS4J and Neethi modules in addition to the other ASF dependencies that are common to all WSO2 products. It integrates easily into existing user stores such as LDAP or Active Directory and supports multi-factor authentication, and the cloud platform Stratos is totally secured by the IS. The most interesting part is that, no matter how complex the process is, IS provides a good user experience, making the developer's life easy. For example, IS provides a simple user interface to define a XACML policy, add it and remove it, which allows even a person without much knowledge of XACML to use it.
1.7 Performance of WSO2
WSO2 has performed incredibly well when we look back at the path it has travelled in just six years [2], and it is currently boosting that journey further by putting in more resources and being more innovative. In addition to praise from customers, WSO2 has won several highly recognized awards in the industry, as follows:
  • 21.
      • Kuppinger Cole European Identity Award 2011 - WSO2 was recognized for the innovative features of its open source, multi-tenant WSO2 Identity as a Cloud Service
      • SD Times 100 Award - For the fourth consecutive year, WSO2 was recognized as one of the "top leaders and innovators" in the software industry by the editors of SD TIMES.
      • Red Herring Asia 100 Award - WSO2 was awarded the Red Herring Asia 100 Award in 2006 for being one of the most promising private technology companies in Asia.
      • InfoWorld Best Open Source Software (Bossie) Award - WSO2 was named InfoWorld 2009 Best of Open Source Software (Bossie) Award winner and recognized for delivering WSO2 Carbon
      • National Best Quality Software Awards (NBQSA) - WSO2 walked away with:
        - WSO2 Enterprise Service Bus: Gold Award under Infrastructure & Tools Category and Overall Gold Award.
        - WSO2 Gadget Server: Silver Award under Research & Development Category.
        - WSO2 Data Services Server: Bronze Award under Infrastructure & Tools Category.
1.7.1 Strengths
1. The highly qualified, dedicated team – I see the WSO2 team as the main strength of WSO2. The engineering team consists of the best brains of Sri Lanka, who are world-class architects and developers with experience and contributions in the global industry. WSO2 has at least a few committers on every product it uses from the ASF. The marketing team has the best of the profession, and the sales team too. People coming from various backgrounds and fields share the common objective of adding value to the company using their expertise in every way they can. For example, the engineering team is hugely involved in marketing activities through blogging and tweeting, and all the teams work together, co-operating with each other as one family.
2. Flexible working culture – At WSO2, employees have flexible working hours and are not forced to work at a particular time. With this, the company has built a very friendly connection with its employees: as they enjoy the freedom at work, in gratitude there is no need to ask them to work when some urgent need arises.
  • 22. Employees voluntarily work with dedication, as they feel at heart the need to contribute back to the company. Adopting a flexible working culture is a challenge, and it is a real strength that WSO2 has been able to make it work in this way.
3. No support engineers – As there are no support engineers, all the discussions with customers and all the support are handled by the same engineers who build the system and live with it. As those engineers know the product very well, any issue can be easily fixed and well explained to the customers. That way the engineers get a good feeling for what the customer needs and what they should provide via the product, and the customer gets very fast and clear support for their maximum satisfaction. So I call this a strength of WSO2.
4. Innovative Carbon platform – No matter how nicely we approach the customer, it is hard to run a business in the long term if we do not have a good product to compete with the competitors. WSO2 has the very innovative carbon platform, whose componentization satisfies customers by allowing them to use just what they want and pay only for the services they use. The flexibility of the platform also allowed WSO2 to present the first PaaS – StratosLive this soon, which Oracle said it would come up with in 2015. The architecture of the carbon platform best fits today's enterprise need for agile software that can shape up to rapidly changing business needs.
5. Being an Open Source company - This is a great strength of the company from the product point of view. As the source code is available for anyone to look at, the product improves day by day as bugs are identified and fixed. Approaching customers has also become easier with this, as people do not hesitate to try the products and see the functionality since it is free.
  • 23. 1.7.2 Weaknesses
There is no major weakness I could identify at WSO2. The only thing I see is that there is a slight lack of documentation in some areas on using WSO2 products. There are many blogs written by the engineers, and WSO2 Oxygen Tank [5] provides a lot of information on using the products. But still, given the number of products and services provided through the stack and the different scenarios in which they can be used, there is a lack of documentation. The company has already identified this as a weakness and is encouraging the staff to complete the documentation well, paying more attention to Oxygen Tank.
1.7.3 Service to Sri Lankan Society
Bringing the open source concept to Sri Lanka is itself a great service to the country, as it is the most appropriate model for it. Through WSO2 a lot of Sri Lankan talent has found a place in the global industry, becoming Apache committers etc., as WSO2 encourages the personal development of its employees. Through this, WSO2 has contributed a lot to making Sri Lanka the country with the largest number of committers to the Apache Software Foundation outside the United States. Most computer science graduates consider going abroad for employment after the degree, and having such a great place as WSO2 to work at in their own motherland is a great service the company provides for the country, stopping it from losing its great resources. By encouraging going abroad for further studies, not just for employment, WSO2 creates a well experienced workforce for the future with knowledge of leading edge technologies. Many WSO2 professionals mentor undergraduate students from many different universities in Sri Lanka who are doing their final year projects, and through the internships it supports the company exposes undergraduates to the global software industry and helps them reach great achievements. WSO2Con is a perfect example of the fame the company is bringing to Sri Lanka through the software industry.
A lot of experts visited Sri Lanka to attend this event, and at every possible occasion it showcases Sri Lankan culture. If one day the middleware industry becomes the key player in the Sri Lankan economy, instead of garments, tea, rubber and housemaids in the Middle East, WSO2 will be the pioneer of that.
1.8 Suggestions to Improve

1. As mentioned in 1.6.2, improving the documentation through Oxygen Tank to cover all the key topics regarding the products would be a great improvement. That way anyone who just comes across a product will feel comfortable trying things with it and will be able to understand its power. Also, when a new release is out some of the content is no longer valid for the newer version, and this should be clearly stated or the content modified accordingly. So having some mechanism to update the content would be very useful.

2. Currently WSO2 operates from three offices in Sri Lanka, which separates the development crew somewhat between the locations. For the sake of getting to know each other, and in case any coordination is needed in development, it would be better if the whole crew could be in one building, free to discuss with each other easily. Also, as most of the customer base is in the USA, it would be beneficial to have more developers at the Palo Alto office in California to meet customers, which would make it easy and fast to provide on-site support.
2 Training Experience

2.1 Joining WSO2 Family

On the very first day, 28th Feb 2011, all fifteen of us selected to be interns at WSO2 were there; our details were confirmed and we were given new email addresses in the wso2.com domain. Ms. Udeshika Rathnavira introduced us to the company premises and showed us the pantry area, and we were given laptops to use during the internship. Mr. Samisa Abeysinghe, VP Engineering, WSO2, talked to us in the evening and shared a lot of valuable thoughts with us. He emphasized that there are not many rules or much formality in the WSO2 culture, and that we were free to use any of the resources there in order to learn, and to question and make suggestions about anything. He also highlighted that it was in our hands to make full use of the given opportunity, and the importance of the training received during the internship period. The points he made were engraved in my mind and were a good start.

Also on the very first day, Mr. Samisa Abeysinghe gave us a task to be completed within a week in groups of five. A simple banking system was built in the very first week by my group, formed with Malith Dhanushka, Hasitha Aravinda, Sumedha Sanjiva and Gokul Balakrishnan. The objective of this task was to get an idea of our Java knowledge and object orientation concepts, and we were informed that a GUI was not needed. First our group gathered, discussed the specifications related to the domain and drew a class diagram. As everyone needed to code at least two Java classes, we divided the work with that and relevance in mind. SVN was used to host the project, and we developed the system discussing among ourselves and resolving things as they arose. Mr. Afkham Azeez, Director of Architecture, WSO2, reviewed our code and gave very useful comments to help us improve, highlighting the mistakes we had made. He recommended a few web sites and books for reference and emphasized that we should master an IDE, practicing the keyboard shortcuts.
Effective Java (2nd edition) and Java Pitfalls were among the recommended books.

Shortly afterwards we were assigned projects, and I was given 'Implement SAML to XACML', which concerned the WSO2 Identity Server. We each got a mentor to guide us on the project, and my mentor was Mr. Asela Pathberiya, Senior Software Engineer. With the friendly behavior of all the staff it was a nice place to work, and I found it very special at WSO2 that even a little mistake was not left hanging; it was corrected immediately when noticed. High quality was maintained not just at the code level but at all levels of all the processes and environments.

2.2 Induction

Ms. Udeshika Rathnawira, Senior Manager, Administration and HR, together with Ms. Hasmin Abdulcader, Director Marketing, conducted an induction programme for the fifteen of us and a few employees who had joined recently. It was a nice discussion held in a very friendly manner that resolved our doubts and introduced us to the company culture. They described to us the flat hierarchy maintained within the organization and how each and every member of the WSO2 family is treated equally. They emphasized that we should call everyone by their preferred first name and not use 'Sir', 'Madam', 'Ayya' or 'Akka'. Hasmin briefly described the business model of the company and a little of its history too. At WSO2, 3.30 pm is set as tea time, and each individual is supposed to come downstairs to the lobby area at that time. She also mentioned that all members share experiences and have a chat with their fellows while having a snack, and that we should get to know each other in the company. It was really great, and possible because the WSO2 family was only about 150 by that time. Apart from tea time, anyone was also totally free to come to the lobby area, watch TV and have a drink to get refreshed while working. They also told us that there is no dress code and that we are free to dress casually. What I realized from all this was that WSO2 has really made the office as free as home, so that everyone can work without any difficulty. We were informed that office hours are flexible to make life easier, as they know intellectual work cannot be forced.
Working from home is an available option for employees, but as interns we were not given that privilege as it conflicts with the objectives of the internship. Hasmin further explained that as interns we would run into a lot of problems in doing things and would need help from the staff, which is impossible if we stay at home and work. We were told that we were supposed to be at the office from 9am to 5pm, and as we worked on it was not that hard to stay at the office during that time, as it was such a perfect place to work.

2.3 Development Environment

OS – As an open source company, most WSO2 employees were using Ubuntu, an open source Linux OS, and I too started to use Ubuntu as my primary OS. Software installation, including the Java installation, was done using the command line and Synaptic Package Manager, and I got familiar with setting up environment variables in the .bashrc file, which was so different from Windows. Though it was a little difficult to get used to at the beginning, I later found it more effective than the Windows OS I was used to.

IDE – I was familiar with using NetBeans at university; as a lot of developers at WSO2 were using IntelliJ IDEA as their IDE, I tried to use that. The keyboard-centric IDE seemed fine to me, and I continued to master that IDE and worked using it.

SVN – The primary version control mechanism used at WSO2 is SVN. At the beginning the only thing I did was check out code from the WSO2 repo; later, once we were given separate spaces there, I also committed code there and put it under version control.

Maven – This is a very widely used open source software project management tool by Apache. Almost all the projects at WSO2 are managed using Maven, with the pom.xml describing the software project being built, its dependencies on other external modules and components, and the build order. That makes the project build process easy. I may have called the command 'mvn clean install' more than 1000 times within the internship period to build projects. In fixing dependencies, Maven takes from the developer the load of downloading them and fitting them into the project. Instead, it dynamically downloads Java libraries and Maven plug-ins from one or more repositories, reading the pom.xml at build time. Maven provides built-in support for retrieving files from the Maven2 Central Repository and other Maven repositories.
FindBugs – This is a recommended tool for all developers at WSO2 to use on any code they write. The tool is so smart that it runs through our code and, analyzing the patterns, highlights where bugs are possible. It is a great tool for achieving high-quality code with minimum bugs.

TcpMon – This is a very useful debugging tool that allows viewing messages and resending them. We can set a listening port in TcpMon, and it shows the messages that come to the port and passes them on without any change. I used this heavily in testing the Entitlement Handler.

SOAPUI – This is a widely used tool at WSO2 for all sorts of tests. It is a free and open source cross-platform functional testing solution. Like TcpMon it is also used to trace messages, and it has more additional features. I needed it in implementing SAML to XACML, as TcpMon was not capable of tracing secured messages.

2.4 Hands on WS-Security

The IS team works mainly on the security of web applications and services. It develops solutions for the growing challenge of managing the identities of employees, vendors, partners, and customers across internal, shared, and SaaS services. IS is focused on meeting this challenge by providing a sophisticated identity solution in an easy-to-implement manner, with minimum negative effects on user experience and performance. In achieving this goal IS uses the latest standards and technologies such as SSO, OpenID, XACML and SAML.

As the project I was assigned to complete was 'Implement SAML to XACML', which was totally new to me, I did not know where to start. The only knowledge I had of security was what I had heard about hacking sites, viruses etc., and the only solutions I knew were using a user name combined with a secret password that is long and hard to guess, and using a virus guard. Only after a discussion with my mentor, Mr. Asela Pathberiya, did I get to know how vast the subject is, and I became passionate about the project.
With the given guidance I started to read the project specification document [4], though I hardly understood it, and then researched the related technologies and security concepts.
Following are the main concepts to be addressed in any system that is trying to provide security to a web service or an application.

• Authentication - Identifying the person correctly
• Authorization - Giving individuals access to resources based on their identity
• Confidentiality - Ensuring that information is accessible only to those authorized to have access
• Integrity - Data cannot be modified / tampered with without authorization
• Non-repudiation - Ensuring that a party in a dispute cannot say "I didn't send such a message"

In relation to my project, I understood that IS achieves authorization in a fine-grained manner using XACML policies, and that integrity and non-repudiation are achieved through XML signatures. Username and password were used for basic authentication. With these concepts in mind, I was given tasks to begin with, to get familiarized with the material.

At first my mentor recommended that I get familiar with Axis2, and I followed a tutorial in 'WSO2 Oxygen Tank' [5]. Following are the steps I followed:

1. Wrote a web service and deployed it in Axis2 as a .war file.
2. Got the WSDL file and generated the stub classes.
3. Wrote the client to call the web service using the stubs.

Doing this I got more familiar with the IDE and learned how to fix dependencies, with which I always ran into trouble due to some kind of version mismatch. With this experience I went ahead with getting familiarized with WSO2 IS specific things.
2.4.1 Sample Client for IS

This sample was to show how to authenticate a user and allow that user to access authorized resources (services) using the API of WSO2 IS. Put simply, it simulates a few functions without the browser interface of the server.

Scenario: After authentication, a user who has the role 'admin' has privileges to add or remove XACML policies and to evaluate them against sample requests. Following are the steps to be demonstrated.

1. Log into the server after authentication
2. Add a policy from the local machine
3. Read the enabled policy of the server
4. Remove a policy
5. Evaluate the enabled policy against a request

I used sample XACML policies and requests to observe the functionality, and while doing that I got familiar with writing XACML policies and requests and understood how fine-grained authorization is achieved. Here is a pattern of the policies used in testing the functionality:

<Policy PolicyId="urn:sample:xacml:2.0:samplepolicy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Description>Sample XACML Authorization Policy -01</Description>
  <Target>
    <Subjects>...</Subjects>
    <Resources>...</Resources>
    <Actions>...</Actions>
  </Target>
  <Rule>...</Rule>
</Policy>
The Target element defines a set of conditions that must be met for that policy to be picked up; the rule is then applied accordingly, giving the decision 'Permit' or 'Deny'. Here is what a XACML request looks like:

<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Subject>…</Subject>
  <Resource>…</Resource>
  <Action>…</Action>
  <Environment>…</Environment>
</Request>

According to the OASIS profile of XACML 2.0,

• The <Subject> element defines who wants access, and it may have many attributes defined inside as child elements.
• Only one <Resource> element is allowed to be present in one decision request, and it defines the resource the Subject is trying to access.
• Only one <Action> element is allowed to be present in one request, and it defines the action the Subject wants to perform on the Resource (e.g. read).
• The <Environment> element carries attributes, if present, that are not associated with the Subject, Resource or Action (e.g. IssueInstant).

Depending on the policies enabled in the PDP, a request may get the decision 'Permit', 'Deny', 'Indeterminate', or 'NotApplicable' if a matching policy is not found.

While working on this I got introduced to the functionality of IS, the coding standards of WSO2, and XACML. I also learnt a few different methods to convert WSDL to Java: using Axis2, in a Maven build, and using the browser UI of WSO2 Enterprise Service Bus. I shared the knowledge I gathered through two blog posts in my personal blog space, 'A sample on calling WSO2 IS functionalities through the API' (http://pushpalankajaya.blogspot.com/2011/04/sample-on-calling-WSO2-identity-server.html) and 'How to convert WSDL to Java' (http://pushpalankajaya.blogspot.com/2011/03/how-to-convert-wsdl-to-java.html).

2.4.2 Entitlement Handler

After writing the above-mentioned sample I came to realize the power of Identity Server and how many functions are executed when we just hit a button in the nice-looking browser tab. As my next task I got work that made me realize the power of Axis2 more deeply. The task was to refer to the Entitlement Mediator code that already exists in WSO2 IS and to build the same functionality in an Axis2 handler.

2.4.2.1 Building 'Carbon' platform

First I went through the Entitlement Mediator code and could not understand many things. I read the documentation and then decided to understand it by observing its functionality. For that I needed to build the mediator module, and doing that I learnt a lot of things. Though I could have just fixed the dependencies needed by the module and built it, my mentor suggested that it would be better to build the whole Carbon platform. It was a challenging experience at that time, as almost all the developers were committing new code fast, getting ready for the upcoming release. But finally, when I finished building 'Carbon', the platform, as a whole, I had a better idea of what 'Carbon' is and how WSO2 products are based on it while being componentized by the OSGi framework. I also got familiar with the pom.xml file that is used in the Maven build, and with how to fix dependencies and project properties through it.

2.4.2.2 Remote Debugging

To observe the functionality I needed to get familiar with the remote debugging tool of IntelliJ IDEA, the IDE I used. It was a very helpful feature for debugging and seeing how the code functions when there were no 'main' methods as I was used to.
To monitor the messages passing through, I got familiar with using TCPMon and proceeded with understanding the Entitlement Mediator using the new tools.
2.4.2.3 The Handler

As the Entitlement Mediator is based on Apache Synapse, it has characteristics related to that, while the Entitlement Handler is based on Apache Axis2, which gives it different characteristics [6]. In contrast with Synapse mediators, Axis2 modules provide the facility to interleave handlers in a smart way using partial orderings, and the policy-driven model of configuring modules (through axis2.xml and module.xml) is unique to Axis2; it allows the handler to be applied selectively at service level.

With that rough understanding I started to get familiar with the structure of an Axis2 handler, running through an existing handler in the IS. With all this I got a better understanding of what needed to be done, and following is the architecture of the Entitlement Handler.

Scenario: When the Entitlement Module, which includes the Entitlement Handler, is engaged to a particular service, then before letting the client consume the service the handler checks whether the client is authorized to perform that action on the service. What the handler does is:

1. Read the relevant parameters from the Axis2 message context (only Username Token authentication is supported for now)
2. Build a XACML request according to the parameters read
3. Pass the XACML request to a previously configured PDP and get the decision
4. Depending on the decision from the PDP, continue the message or drop it without letting it reach the service.
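Steps 2 to 4 above, reduced to their security-relevant core, as an added example (it is not the Entitlement Handler's code): the request is built with DOM calls so that a user name containing markup cannot change its structure, and only an explicit Permit lets the message continue. The class and method names are hypothetical, the PDP replies are constructed samples, the deny-biased treatment of every other decision is an assumption, and the attribute identifiers follow the sample request shown in this report.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical sketch of handler steps 2-4; not WSO2 code. */
public class EntitlementPepSketch {
    static final String CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    static final String STRING_TYPE = "http://www.w3.org/2001/XMLSchema#string";

    // Parser factory that rejects DOCTYPE declarations (blocks XXE and entity expansion).
    static DocumentBuilderFactory safeFactory() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf;
    }

    // Appends <category><Attribute><AttributeValue>value</AttributeValue></Attribute></category>.
    static void addAttribute(Element root, String category, String attributeId, String value) {
        Document doc = root.getOwnerDocument();
        Element cat = doc.createElementNS(CTX, category);
        Element attr = doc.createElementNS(CTX, "Attribute");
        attr.setAttribute("AttributeId", attributeId);
        attr.setAttribute("DataType", STRING_TYPE);
        Element val = doc.createElementNS(CTX, "AttributeValue");
        val.setTextContent(value); // stored as text, so markup characters are escaped on output
        attr.appendChild(val);
        cat.appendChild(attr);
        root.appendChild(cat);
    }

    // Step 2: build the XACML request from values read out of the message context.
    static String buildRequest(String user, String resource, String action) throws Exception {
        Document doc = safeFactory().newDocumentBuilder().newDocument();
        Element root = doc.createElementNS(CTX, "Request");
        doc.appendChild(root);
        addAttribute(root, "Subject", "urn:oasis:names:tc:xacml:2.0:subject:subject-id", user);
        addAttribute(root, "Resource", "urn:oasis:names:tc:xacml:2.0:resource:resource-id", resource);
        addAttribute(root, "Action", "urn:oasis:names:tc:xacml:2.0:action:action-id", action);
        root.appendChild(doc.createElementNS(CTX, "Environment"));
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    // Step 3 result: the text of the single <Decision>, or "Indeterminate" on any parsing problem.
    static String decisionOf(String pdpResponse) {
        try {
            Document doc = safeFactory().newDocumentBuilder()
                    .parse(new InputSource(new StringReader(pdpResponse)));
            NodeList d = doc.getElementsByTagNameNS(CTX, "Decision");
            return d.getLength() == 1 ? d.item(0).getTextContent().trim() : "Indeterminate";
        } catch (Exception e) {
            return "Indeterminate";
        }
    }

    // Step 4: continue only on an explicit Permit; everything else drops the message.
    static boolean letMessageThrough(String pdpResponse) {
        return "Permit".equals(decisionOf(pdpResponse));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a user name that tries to smuggle in extra markup.
        String hostile = "admin</AttributeValue><AttributeValue>root";
        String request = buildRequest(hostile, "http://localhost:8280/services/echo/", "read");
        Document parsed = safeFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(request)));
        NodeList values = parsed.getElementsByTagNameNS(CTX, "AttributeValue");
        System.out.println("attribute values in request: " + values.getLength());
        System.out.println("subject kept as text: " + hostile.equals(values.item(0).getTextContent()));

        // Constructed PDP replies, one per XACML decision, plus a malformed reply.
        String head = "<Response xmlns=\"" + CTX + "\"><Result><Decision>";
        String tail = "</Decision></Result></Response>";
        for (String d : new String[] {"Permit", "Deny", "NotApplicable", "Indeterminate"}) {
            System.out.println(d + " -> continue: " + letMessageThrough(head + d + tail));
        }
        System.out.println("malformed -> continue: " + letMessageThrough("<Response>"));
    }
}
```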
Figure 2.1 Entitlement Handler Structure

2.4.2.4 Packaging the Entitlement Handler

To place the handler in a message path it should be included in a module. Following are the basic essentials for any Axis2 handler to meet its intended functionality, which I followed.

1. Created the module implementation – There must be a class that implements 'org.apache.axis2.modules.Module'.
2. Created the handlers – There can be one or more handlers, and they can be ordered in module.xml. Each handler class should implement the org.apache.axis2.engine.Handler interface.
3. Created the module.xml as follows
<module name="EntitlementHandler"
        class="org.WSO2.carbon.identity.entitlement.axis2handler.EntitlementModule">
  <Description>
    The entitlement handler module extracts the user name, resource and action from the
    passing axis2 message context and creates a XACML request with the details. Then pass it
    to the set up PDP and continue or drop the message, according to the decision from PDP.
  </Description>
  <InFlow>
    <handler name="EntitlementHandler"
             class="org.WSO2.carbon.identity.entitlement.axis2handler.EntitlementHandler">
      <order phase="EntitlementPhase"/>
    </handler>
  </InFlow>
  <parameter name="remoteServiceUrl">https://localhost:9443/services/</parameter>
  <parameter name="remoteServiceUserName">admin</parameter>
  <parameter name="remoteServicePassword">admin</parameter>
  <parameter name="remoteIp">127.0.0.0</parameter>
  <parameter name="decisionEvaluatorClass"></parameter>
  <parameter name="trustStoreLocation">/home/pushpalanka/Installations/WSO2is-3.0.1/resources/security/WSO2carbon.jks</parameter>
  <parameter name="trustStorePassword">WSO2carbon</parameter>
</module>

Deployment configuration of the Entitlement Module was done using the above module.xml file. A module can be placed in one or more of the following flows in an Axis2 server.

• InFlow - Represents the handler chain that will run when a message is coming in.
• OutFlow - Represents the handler chain that will run when the message is going out.
• OutFaultFlow - Represents the handler chain that will run when there is a fault, and the fault is going out.
• InFaultFlow - Represents the handler chain that will run when there is a fault, and the fault is coming in.

As seen in the file, the Entitlement Handler is placed in the InFlow and the module includes only one handler. The flexibility of a module is that, at deployment, it can be configured according to the context by modifying this file. The parameters defined in the above file are the configurations used on my local machine for testing purposes and are read at deployment. Later, when the handler is running, the parameters read in are used in its functions.

4. Modified the "axis2.xml" to add the custom phase (in this case the Entitlement phase was defined after the security phase)

...
<phaseOrder type="inflow">
  <!-- System pre defined phases -->
  <phase name="Security"/>
  ...
  <!-- System pre defined phases -->
  <!--After Postdispatch phase module author or service author can add any phase he wants -->
  <phase name="EntitlementPhase"/>
</phaseOrder>
...
5. Packaged it in a ".mar" (Module Archive) with the following format

Figure 2.2 Inside .mar file Entitlement Handler

6. Deployed the module in Axis2 – Created a directory with the name "modules" in the "webapps/axis2/WEB-INF" directory of the servlet container, and then copied the ".mar" file to that directory.
7. Added the line '<module ref="EntitlementModule"/>' in services.xml to inform the Axis2 engine that the module "EntitlementModule" should be engaged for this service.

• The Entitlement Handler allows the user to configure it for any other PDP if the user is not using WSO2 IS. This is achieved with the help of the flexibility given by module.xml. EntitlementDecisonEvaluator is the interface that the user should implement in a class, defining how to call the PDP and get the decision. CarbonEntitlementDecisonEvaluator is the implementation done for WSO2 IS.

Testing

To test the handler for its intended functionality, I used remote debugging and wrote a simple client that uses UsernameToken for authentication and a service that is secured by a WS-Policy.
2.5 Implement SAML to XACML

With the experience gained implementing the Entitlement Handler, I could now understand very well what needed to be done here. With the guidance of my senior mentor, Mr. Prabath Siriwardena, it was found that this could be easily implemented using the open source library OpenSAML, which was already used in IS. I was advised to get familiar with the OpenSAML API before starting the implementation, so I went through several examples and tried to understand the pattern of coding with the API. This exercise was very useful in keeping me from getting confused when starting the implementation, and I could focus more on the logic.

Problems

When I started a new project in the IDE and tried to implement with the OpenSAML library as a dependency, it gave me a very descriptive error message: "OpenSAML requires an XML parser that supports JAXP 1.3 and DOM3. The JVM currently configured to use SUN XML parser, which is known to be buggy, and cannot be used with OpenSAML. Please endorse a functional JAXP library such as Xerces and Xalan." As the error message states the solution too, I tried endorsing the mentioned libraries in my Java installation. But there was still an error in bootstrapping the OpenSAML library.

Solutions

After I had tried various other things, my mentor came up with the idea that, as Identity Server is already endorsed with those libraries to work with OpenSAML, I could start coding inside the source code of IS, build it with Maven and observe the functionality using remote debugging. This was a better solution than bothering to endorse the libraries anew, and there would be no issue later in integrating this with IS as I was already implementing it inside. Also, fixing the correct dependencies was done automatically with the IS plug-ins, and I got more familiar with the source code of IS.
After getting hands-on experience building XMLObjects using OpenSAML and getting familiar with how the API behaves, I went through the specification document thoroughly again, paying attention to each and every word. I had a few doubts about a few things in the specification document, and discussing them with the mentor clarified them all, with the assistance of the IS team too. Figure 2.3 shows the flow from the XACML request until it gets the decision in plain text, with secured inter-server communication.

The first approach was to wrap the XACML request into an OpenSAML XADQ (XACMLAuthzDecisionQuery), which seemed comparatively less complex than the response side. Then at the PDP the XACML request is extracted only if the signature and issuer are validated correctly, which guarantees the message is not altered. The received XACML request is then forwarded to the PDP, and the decision is received as a Java string. The received Java string is then unmarshalled into a XACML response object in the OpenSAML library and wrapped into a SAML response, which is signed with the private key and certified. Then at the PEP the message is validated against the signature and issuer, and the decision given by the PDP for the previously sent request is read.
Figure 2.3 Flow of secured server to server communication

PEP (Policy Enforcement Point), sending the query:
1. XACML request (String)
2. unmarshall
3. XACMLAuthzDecisionQueryType (XMLObject)
4. Set attributes (Issuer/Signature)
5. marshall
6. XACMLAuthzDecisionQuery (String), sent to the PDP (arrow labelled "SAML XADAQ")

PDP (Policy Decision Point):
1. XACMLAuthzDecisionQuery (String)
2. Unmarshall
3. XACMLAuthzDecisionQueryType (XMLObject)
4. Validate (Issuer/Signature)
5. Get decision for request
6. XACML response (String)
7. unmarshall
8. ResponseType (XMLObject)
9. Wrap with DecisionStatementType (XMLObject)
10. Wrap with Assertion including issuer
11. Wrap with SAML response including issuer and signature
12. marshall
13. SAML Response (String), sent to the PEP (arrow labelled "SAMLResponse")

PEP (Policy Enforcement Point), receiving the response:
1. SAML Response (String)
2. Unmarshall
3. Response (XMLObject)
4. Validate (Issuer and Signature)
5. Get Assertion
6. Validate Issuer
7. Get Statement
8. Get XACML Response
9. Get Decision
A sample XACML request used:

<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
  <xacml-context:Subject>
    <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:subject-id"
        DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="testissuer">
      <xacml-context:AttributeValue>admin</xacml-context:AttributeValue>
    </xacml-context:Attribute>
  </xacml-context:Subject>
  <xacml-context:Resource>
    <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-id"
        DataType="http://www.w3.org/2001/XMLSchema#string">
      <xacml-context:AttributeValue>http://localhost:8280/services/echo/</xacml-context:AttributeValue>
    </xacml-context:Attribute>
  </xacml-context:Resource>
  <xacml-context:Action>
    <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:action:action-id"
        DataType="http://www.w3.org/2001/XMLSchema#string">
      <xacml-context:AttributeValue>read</xacml-context:AttributeValue>
    </xacml-context:Attribute>
  </xacml-context:Action>
  <xacml-context:Environment/>
</xacml-context:Request>
After making XACMLAuthzDecisionQuery out of the above request:

<xacml-samlp:XACMLAuthzDecisionQueryType InputContextOnly="true"
    IssueInstant="2011-09-23T08:20:47.384Z" ReturnContext="false" Version="2.0"
    xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol">
  <saml:Issuer SPProvidedID="SPPProvierId"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="ds saml xacml-context xacml-samlp"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>cf2rlbqqDa5lwvoAKwRcLUxhaco=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      AwhSsvaV3Y0Ne97TARUlce5H1bS3F2/MHl7QJ4gVddjsR+O2fvG8Kz0
      kE9Y6zbA+zotfmPbvK2TgCOz+LVZw2Clcn+4uJ/RZlOSbnlxmQyNgWT2vqMoEf83q+HiLE0
      afZv42gw1k=
    </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQs
          wCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZp
          ZXcxDTALBgNVBAo+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6F
          jFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEt
          VZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <xacml-context:Request>…</xacml-context:Request>
</xacml-samlp:XACMLAuthzDecisionQueryType>

Following is the structure of the above XACMLAuthzDecisionQueryType:

Figure 2.4 The Structure of the XACMLAuthzDecisionQueryType (boxes labelled XACMLAuthzDecisionQueryType, Signature, Signed Info and XACML Request)

For the XACML response, a sample response was likewise used and the SAML response was generated by the same kind of procedure, meeting the constraints mentioned in the OASIS SAML to XACML profile, which was a bit more complex than creating the XACMLAuthzDecisionQuery. The inputs and output look as follows.
A sample XACML response that will come as the decision from the PDP:

<xacml-context:Response xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
  <xacml-context:Result ResourceId="CE.pakgrid.org.pk:2119/jobmanager-lcgpbs-dteam/dteam">
    <xacml-context:Decision>Permit</xacml-context:Decision>
    <xacml-context:Status>
      <xacml-context:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </xacml-context:Status>
    <xacml-context:Obligations xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
      <xacml-context:Obligation FulfillOn="Permit" ObligationId="MappingData">
        <xacml-context:AttributeAssignment AttributeId="User"
            DataType="http://www.w3.org/2001/XMLSchema#string">.poolname</xacml-context:AttributeAssignment>
      </xacml-context:Obligation>
    </xacml-context:Obligations>
  </xacml-context:Result>
</xacml-context:Response>

The response says whether or not to allow the request to reach the service, as the decision given by the PDP according to the enabled policies.
  • 45. A Sample SAML Response That Will Come To PEP From PDP: <samlp:Response IssueInstant="2011-09-23T08:24:35.878Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <saml:Issuer SPProvidedID="SPPProvierId" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml :Issuer> <saml:Assertion ID="ohncaenlemlghggmfdncjionjejaimfnpckmaofj" IssueInstant="2011-09- 23T08:24:35.809Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer SPProvidedID="SPPProvierId" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://XACMLPDP.example.com</saml :Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#ohncaenlemlghggmfdncjionjejaimfnpckmaofj"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="ds saml xacml-context xacml-saml" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>JaEObAc3AhIxT3cdovUIFElsn5E=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>dGRvdBmjOFTNsgHmVreFm400JMYFPHvOq/O3V0EQNad6eeiFU6KA us+1u8FkS7JEg5Q66z2VfKJ7xF+fTwBLhi0fZdFsYJebtuzOld2ostvyXbdL2f5Noxj3p1Ir1Cm3n wR+QK5k9FjT2T6xCw6AdvzcbzFImhsiO/DE1yv2QdY=</ds:SignatureValue> Page | 38
  • 46.   <ds:KeyInfo>
            <ds:X509Data>
              <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQs
wCQYDVQQGEwJVUzELMAkGA1UECAwQCUp/oV1vWc8/
TrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPA
wDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rH
ANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9J
ogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=
              </ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </ds:Signature>
        <saml:Statement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
          <xacml-context:Response>…</xacml-context:Response>
        </saml:Statement>
      </saml:Assertion>
    </samlp:Response>

    Following is the structure of the above XACMLAuthzDecisionQueryType:
  • 47. [Figure 2.5 The Structure of the SAML Response: a SAML Response containing a SAML Assertion, which contains a Statement, which contains the XACML Response]

    In achieving security in server-to-server communication in this context, the signing process plays a great role. It helps to avoid the following two issues.

      • Tampering - Information in transit is changed and then sent on to the recipient.
      • Impersonation - Information passes to a person who pretends to be the intended recipient.

    It was noted that adding the signature in this way does not provide confidentiality, and also that confidentiality is not a requirement in this context. Completing this project, I got familiar with this concept of signing with public keys and private keys. Though it looks like an unreadable scratch to the human eye in the above sample queries and responses, it involves a lot of logic and calculation to provide secured transformation of information.
  • 48. Signing
      • Document to be signed
          • In the Entitlement handler: SAML Assertion or XACMLAuthzDecisionQuery
      • Calculate the document fingerprint with an algorithm
      • Encrypt it with the private key and set the X509Certificate and the public key
      • Generate the digitally signed document, embedding the signature into it
    Figure 2.6 Signing Procedure

    Validation
      • Access the received document and the digital signature separately
      • Calculate the fingerprint using the same algorithm used
      • Decrypt the encrypted fingerprint sent with the signature, using the public key of the sender
      • Compare the calculated and decrypted fingerprints
      • If they are the same, the message has not been altered
    Figure 2.7 Validation Process
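The steps of Figures 2.6 and 2.7, as an added example that is not part of the original report or of WSO2's code: it uses only the JDK's javax.xml.crypto.dsig API, with the same enveloped-signature and exclusive-c14n transforms as the sample response, and shows validation failing once the signed content is changed. The class name, the two-element document, the throwaway key pair and the `isValid` helper are assumptions for illustration, and SHA-256 replaces the sample's SHA-1 algorithms.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class EnvelopedSignatureDemo {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the signed assertion (not the page's sample message).
        String xml = "<Assertion ID=\"a1\"><Decision>Permit</Decision></Assertion>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element assertion = doc.getDocumentElement();
        assertion.setIdAttribute("ID", true); // lets URI="#a1" resolve to this element

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair(); // throwaway key pair for the demo

        // Figure 2.6: digest the referenced element, sign with the private key, embed the signature.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#a1", fac.newDigestMethod(DigestMethod.SHA256, null),
                Arrays.asList(
                        fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                null, null);
        SignedInfo signedInfo = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        fac.newXMLSignature(signedInfo, null).sign(new DOMSignContext(sender.getPrivate(), assertion));

        System.out.println("untouched: " + isValid(doc, sender.getPublic()));
        assertion.getFirstChild().setTextContent("Deny"); // tamper after signing
        System.out.println("tampered:  " + isValid(doc, sender.getPublic()));
    }

    // Figure 2.7: recompute the digest and check the signature with a key the receiver already
    // trusts, rather than with whatever certificate arrives inside the message's KeyInfo.
    static boolean isValid(Document doc, PublicKey trustedKey) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(trustedKey, sig);
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```

A certificate embedded in KeyInfo, as in the sample response, only identifies which key was used; the receiver still has to decide separately whether that key belongs to a PDP it trusts.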
  • 49. Signing in code level

    private static Assertion setSignature(Assertion assertion, String signatureAlgorithm,
                                          X509Credential cred) throws IdentityException {
        doBootstrap();
        // Build an empty ds:Signature element and attach the signing credential
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(cred);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        // Signing object is also passed as it is needed to create the fingerprint
        signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // Build the KeyInfo that carries the signer's Base64-encoded X509 certificate
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);

        assertion.setSignature(signature);
        List<Signature> signatureList = new ArrayList<Signature>();
        signatureList.add(signature);

        // Marshall and Sign
        MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
  • 50.     Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
            marshaller.marshall(assertion);
            org.apache.xml.security.Init.init();
            // The Signer signs with the built signature, which is set with the KeyInfo
            // that includes the X509 certificate built from the credentials
            Signer.signObjects(signatureList);
            return assertion;
        }

    It should be mentioned that, with the OpenSAML library, the signing and validation process can be done easily despite the complexity behind the process.

    2.6 Other Technical Experiences

    2.6.1 Apache Team

    This was voluntary work that I joined out of my interest to learn more about Apache products. It was a wonderful experience in which we were introduced to how to contribute to the ASF. This was done in a milestone pattern: we met at the beginning and had a discussion, which was guided by Mr. Sagara Gunathunga, Committer/PMC member at The Apache Software Foundation and Tech Lead at WSO2, and set a bi-weekly milestone. Then we met again after two weeks, reviewed what we had done and set the next milestone. I started my work by trying to write a sample for the Apache-Transport-SMS module and had to pause it for a while as I got stuck installing the Java Communication API on my machine. I was advised not to stay stuck on that and to proceed with solving some other issues in the Apache JIRA. I resolved the following documentation issues and wrote a post on my blog on 'Documentation-patch submission for Apache issues' (http://pushpalankajaya.blogspot.com/2011/09/documentation-patch-submission-for.html), hoping someone at the beginning of contributing to Apache will benefit.
  • 51. 1. Client.java in UserGuide has syntax errors - https://issues.apache.org/jira/browse/AXIS2-4655
        2. Configuration guide should clearly state the root elements and locations for axis2.xml services.xml and module.xml - https://issues.apache.org/jira/browse/AXIS2-5069
        3. RESTClient documentation example differs from RESTClient.java source file - https://issues.apache.org/jira/browse/AXIS2-5138

    Problem – Installation of the Java Communication API was not successful even when I followed the steps in the guide, and I could not call the web service using an SMS.

    Solution – Consulted several senior employees to catch the error and tried a lot of options, including changing the OS to Windows. Finally found that the developer of the SMS module is also an employee at WSO2, Mr. Charith Wickramasinghe, who was abroad, and contacted him via email and got guidance. With that I could resolve the problem. The following files have to be added to the Axis2-HOME/lib directory, paying attention to match the versions in use.

      • axis2-transport-sms-1.0.0.jar
      • smslib-3.4.1.jar
      • mail-1.4.jar
      • axis2-transport-base-1.0.0.jar

    For the Java Communication API installation, the following files should be copied to the jre-home/lib/ext/ directory; if that does not work well, try copying them to Axis2-Home/lib.

      • comm.jar
      • libLinuxSerialParallel.so
      • libLinuxSerialParallel_g.so

    As the next step I have to document this properly and submit the patch explaining the procedures; as I gave priority to my main task, this work was a bit delayed. But as getting introduced to the Apache community was the hard part, now I can proceed with this individually though I am out of the company. So I think I did the right thing giving priority to my main project 'Implement SAML to XACML', as it was my responsibility, and this is my voluntary work that I can continue even later.
  • 52. 2.6.2 Training Sessions

    After the release of Stratos, the cloud platform, WSO2 started a weekly training program which was conducted by senior employees on topics suggested by the rest of the staff and things that are recognized as important. This was conducted every Wednesday from 10.30 – 12.30, and in Moodle we could get registered for the courses we were interested in and learn new things. This was a great opportunity for us to learn from the industry experts about what is needed in the industry, and I participated in the following sessions.

      • HTTP Basics – Got introduced to how the web basically works and wrote the first ever servlet I wrote in my life.
      • WS-Security Basics – Got a few of the security concepts about which I had some ambiguities clarified, and learnt more on PKI.
      • XML Basics – Learnt that XML is not just typing something with tags and got familiar with namespaces and schema.

    2.7 Other Non-Technical Experiences

    In addition to the technical exposure I got at WSO2, there were so many activities I got exposed to within the internship period. WSO2 did not treat us differently as interns and gave us all the opportunities to participate in the events organized at the office and enjoy them with the staff.

    2.7.1 Demonstration

    Before I got my 6 weeks leave from WSO2 to take part in the MIT-UOM mobile technology incubation program, I did a presentation on the work I had done so far. It was held in the board room of the WSO2 office at #59, attended by Dr. Sanjiva Weerawarana, CEO, Dr. Srinath Perera, senior software architect, and members of the IS team including Mr. Prabath Siriwardena and my mentor Mr. Asela Pathberiya. I got to know about this just a day before, and anyway it was a challenging experience. I tried to present the Entitlement Handler that I had finished and while trying to demonstrate it in action
  • 53. failed. Later I found that I had forgotten to start the server in debug mode; anyway, no one there depressed me and they just encouraged me to continue the presentation, and I explained its functionality without the demonstration. This was a nice lesson I learnt for my life, not to panic in such situations, and I am glad that I continued the presentation well without it. I learnt that we should always be prepared, as such things can go wrong sometimes, and I am pretty sure that next time I will be more defended against such a situation, with backup plans. I also presented my proceedings in implementing SAML to XACML, and this initiated a discussion among the board on how things are going to be done and where this implementation is going to reside in the architecture. It was also a very nice experience for me that I could be there and see how things are decided at WSO2, with discussions that are so informally done, giving freedom for anyone to put up their ideas and support ideas with thoughts. This demonstration is an unforgettable experience in my life and encouraged me to work hard, and I am so grateful for the given opportunity.

    Also there were two training visits from the department during the internship time period. The first visit was by Dr. Rapti de Silva and the last one was by Mr. Thilak Fernando from the Department of Computer Science and Engineering. I explained my experience at WSO2 to them, and both of them gave me good feedback and advised me to carry on the good work.

    2.7.2 WSO2 Annual Trip

    This year the annual trip of the WSO2 family was to Heritance Kandalama, and a lot of events were organized to make it more fun for three days. We had so many luxury facilities there with the courtesy of WSO2 and gathered so many beautiful memories. This was a great chance to meet the office staff in a non-official environment, and they all treated us in such a friendly way. Following are two major activities which were held during the trip and which I enjoyed very much.
It was a great gift given by the company for its employees to enjoy with their families getting rid of day to day office work.
  • 54. 2.7.2.1 Awurudu Games

    As it was the Singhalese and Tamil New Year season, there was an event organized by the company at the hotel premises. It was full of fun awurudu games, and I too participated in several of them. All the staff members and their family members participated in this event, and catching eggs, passing ice and the adults' event for eating buns were a few hits there. All enjoyed the event to the maximum and felt the spirit and beauty of the WSO2 family.

    2.7.2.2 CSR Activity

    Being at Heritance Kandalama, we did not just enjoy the luxury and the stay, but also worked for spiritual relief and happiness. Here (http://pushpalankajaya.blogspot.com/p/csr-activity-with-wso2-staff.html) is the blog page I wrote on this experience, with the great pleasure I had having been a contributor in the event. After the 'Awurudu games' we visited Bellane Oya Primary School, which was a less privileged school, and it was an idea of Dr. Sanjiva Weerawarana, CEO of the company, to help such a school in the area. Funds were raised with the contribution of both the company and the employees, and finally volunteers could join in visiting the school, helping them out in clearing an area for a playground and checking what else they needed. They warmly welcomed us when we approached, which was through a very narrow road, and this reminded me of my primary education at Kirindiwela Maha Vidyalaya, which was a bit like this school in background, and this really guided me back to my childhood. In his address to the school children, Dr. Sanjiva mentioned that a lot of the employees of the company were like those kids some time ago and emerged with courage. His intention in that was to encourage the students, and I am sure that at least a few of them have raised their hopes and courage with that. It would be a great occasion if one of them can make it to WSO2 for their career in the future.
  • 55. 2.7.3 Sports, Entertainment and other activities

    The office premises of WSO2 are arranged more like a home, with all the facilities for the staff to work in a free environment, enjoying whatever they are doing. There is even a basketball court in the office premises, and the staff normally play there in the evenings. In addition to the basketball court there are so many other activities available to enjoy at any time we are feeling bored. Near the lunch area there is a carom board, a foosball table and arrangements to play table tennis, where I used to gather some team after lunch or tea and play for a few minutes. This was a great facility arranged there to relax a bit, stretching our hands after working in front of a laptop, and to work again refreshed. Also it was a place where I got to know many of the staff.

    In the Wesak season all the Wesak lanterns that decorated the office were made by the office staff together, and there is a television in the lobby area where on important occasions people gather and watch together.

    In the earlier days of my internship at WSO2, each Friday there was a special talk by Dr. Sanjiva regarding many aspects including the history of WSO2, the future of WSO2, and also the importance of blogging for the company as a marketing method specific to a middleware and open source company. I can very well remember one thing he mentioned: never to write anything that we do not truly believe, and to take responsibility for whatever we write. He gave a lot of tips to improve ourselves, as WSO2 promotes personal branding of employees, and he so freely shared his experience and updated the staff on things going on regarding the company, including the funds the company received, new customers found, profits and growth, and pointed out any weaknesses and encouraged people to do their maximum. I think this is a great idea, to talk to the staff each week as a whole, and it was so inspiring. All these just represent the close connection inside the WSO2 family.