Access Control Patterns & Practices with WSO2 Middleware

Prabath Siriwardena
About Me

• Director of Security Architecture at WSO2
• Leads WSO2 Identity Server – an open source identity and entitlement management product.
• Apache Axis2/Rampart committer / PMC
• A member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC and OASIS Security Services (SAML) TC.
• Twitter: @prabath
• Email: prabath@apache.org
• Blog: http://blog.facilelogin.com
• LinkedIn: http://www.linkedin.com/in/prabathsiriwardena
Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)

With Discretionary Access Control, the user can be the owner of the data and, at his discretion, can transfer the rights to another user.

With Mandatory Access Control, only designated users are allowed to grant rights, and users cannot transfer them.

All WSO2 Carbon based products are based on Mandatory Access Control.

A Group is a collection of Users, while a Role is a collection of permissions.
Authorization Table vs. Access Control Lists vs. Capabilities

An Authorization Table is a three-column table with subject, action and resource.

With Access Control Lists, each resource is associated with a list indicating, for each subject, the actions that the subject can exercise on the resource.

With Capabilities, each subject has an associated list, called a capability list, indicating, for each resource, the accesses that the user is allowed to exercise on the resource.

Access Control Lists are resource driven, while capabilities are subject driven.

With policy based access control we can have authorization policies with a fine granularity.

Capabilities and Access Control Lists can be dynamically derived from policies.
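The three representations above, and their derivation from policies, as an added Python example that is not part of the slides: a few constructed subjects, resources and permit policies are materialised into the (subject, action, resource) authorization table, then projected into the resource-driven ACL view and the subject-driven capability view. The subjects, resources, attribute names and policies are sample values chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatch

# Constructed sample data: subject attributes, protected resources and permit policies.
SUBJECTS = {
    "alice": {"role": "manager", "dept": "finance"},
    "bob": {"role": "clerk", "dept": "finance"},
    "carol": {"role": "clerk", "dept": "hr"},
}
RESOURCES = ["/finance/ledger", "/finance/reports/q1", "/hr/payroll"]


@dataclass
class Policy:
    """One permit rule: subjects whose attributes contain every pair in `who`
    may perform `actions` on resources matching the glob `resource`."""
    who: dict
    actions: frozenset
    resource: str


POLICIES = [
    Policy({"dept": "finance"}, frozenset({"read"}), "/finance/*"),
    Policy({"dept": "finance", "role": "manager"}, frozenset({"read", "write"}), "/finance/*"),
    Policy({"dept": "hr"}, frozenset({"read", "write"}), "/hr/*"),
]


def _matches(attrs, who):
    return all(attrs.get(k) == v for k, v in who.items())


def authorization_table(subjects=SUBJECTS, resources=RESOURCES, policies=POLICIES):
    """Materialise the three-column (subject, action, resource) table from the policies."""
    rows = set()
    for subject, attrs in subjects.items():
        for resource in resources:
            for p in policies:
                if _matches(attrs, p.who) and fnmatch(resource, p.resource):
                    rows.update((subject, action, resource) for action in p.actions)
    return sorted(rows)


def acl_view(rows):
    """Resource-driven view: resource -> subject -> sorted actions."""
    acl = defaultdict(lambda: defaultdict(set))
    for subject, action, resource in rows:
        acl[resource][subject].add(action)
    return {r: {s: sorted(a) for s, a in subs.items()} for r, subs in acl.items()}


def capability_view(rows):
    """Subject-driven view: subject -> resource -> sorted actions."""
    caps = defaultdict(lambda: defaultdict(set))
    for subject, action, resource in rows:
        caps[subject][resource].add(action)
    return {s: {r: sorted(a) for r, a in res.items()} for s, res in caps.items()}


def is_permitted(subject, action, resource, subjects=SUBJECTS, policies=POLICIES):
    """Evaluate the policies directly; unknown subjects and unmatched requests are denied."""
    attrs = subjects.get(subject)
    if attrs is None:
        return False
    return any(_matches(attrs, p.who) and action in p.actions and fnmatch(resource, p.resource)
               for p in policies)


def views_agree(subjects=SUBJECTS, resources=RESOURCES, policies=POLICIES):
    """Consistency check: the derived table and direct policy evaluation must
    permit exactly the same (subject, action, resource) triples."""
    rows = set(authorization_table(subjects, resources, policies))
    actions = {a for p in policies for a in p.actions}
    direct = {(s, a, r) for s in subjects for a in actions for r in resources
              if is_permitted(s, a, r, subjects, policies)}
    return rows == direct
```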
 

	
  

XACML is the de facto standard for policy based access control.

XACML provides a reference architecture, a request/response protocol and a policy language.
XACML Reference Architecture

Diagram components: Policy Administration Point (PAP); Policy Decision Point (PDP); Policy Store; Policy Enforcement Point (PEP); Policy Information Point (PIP).
XACML with Capabilities (WS-Trust)

Diagram components: Client Application; WSO2 Identity Server (STS); WSO2 Identity Server (XACML PDP); WSO2 Application Server (SOAP Service).
Messages in the diagram: SAML token request; XACML Request (Hierarchical Resource Profile); XACML Response; SAML token with Authentication and Authorization Assertions (Capabilities); SAML token with Authentication and Authorization Assertion + Service Request.
XACML with Capabilities (WS-Trust)

Diagram components: Browser; WSO2 Identity Server (SAML2 IdP); WSO2 Identity Server (XACML PDP); WSO2 Application Server (Web Application).
Messages in the diagram: Unauthenticated Request; Browser Redirect with SAML Request; XACML Request (Hierarchical Resource Profile); XACML Response; SAML token with Authentication and Authorization Assertion (Capabilities).
Role Based Access Control

Diagram components: Client Application; WSO2 ESB (Policy Enforcement Point, RBAC); WSO2 Application Server (SOAP Service).
Messages in the diagram: Service Request + Credentials.
WSO2 ESB as the XACML PEP (SOAP and REST)

Diagram components: Client Application; WSO2 ESB (Policy Enforcement Point); WSO2 Identity Server (XACML PDP); WSO2 Application Server (SOAP Service).
Messages in the diagram: Service Request + Credentials; XACML Request; XACML Response.
XACML PEP as a Servlet Filter

Diagram components: Client Application; WSO2 Application Server with an XACML Servlet Filter; WSO2 Identity Server (XACML PDP).
Messages in the diagram: Service Request + Credentials; XACML Request; XACML Response.
OAuth + XACML

Diagram components: Client Application; API Gateway; WSO2 Identity Server (OAuth Authorization Server); WSO2 Identity Server (XACML PDP).
Messages in the diagram: Access Token; Validate(); XACML Request; XACML Response.
Authorization with External IdPs (Role Mapping)

Diagram components: External SAML2 IdP (Salesforce); WSO2 Identity Server, mapping IdP Groups to Web App roles; WSO2 Application Server (Web Application).
Messages in the diagram: Unauthenticated Request; Browser Redirect with SAML Request; SAML token with Authentication and Attribute Assertions with IdP groups.
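The role-mapping step of the pattern above, as an added example that is not WSO2 Identity Server's implementation: the groups asserted by an external SAML2 IdP are translated into local web-application roles through an explicit mapping table keyed by the IdP's entity id, so unmapped groups and unknown issuers grant nothing. The attribute name, entity id, group and role names are constructed sample values.

```python
GROUP_ATTRIBUTE = "http://schemas.example.test/claims/Group"  # constructed SAML attribute name

# Mapping table keyed by IdP entity id: a group name asserted by one IdP can
# never pick up the roles configured for a different IdP.
ROLE_MAPPING = {
    "https://idp.example-crm.test/saml": {          # constructed external IdP entity id
        "Sales Managers": {"app_manager", "app_user"},
        "Sales Reps": {"app_user"},
    },
}


def map_roles(issuer, attributes, mapping=ROLE_MAPPING):
    """Return the local roles for the asserted groups. An unknown issuer or an
    unmapped group yields no roles, so the IdP cannot grant a local role just by
    asserting a group that happens to carry the same name."""
    idp_map = mapping.get(issuer)
    if idp_map is None:
        return set()
    roles = set()
    for group in attributes.get(GROUP_ATTRIBUTE, []):
        roles |= idp_map.get(group, set())
    return roles


def login(assertion):
    """Post-authentication step. The assertion is assumed to be already
    signature- and audience-validated; only issuer, subject and the attribute
    statement are consumed here."""
    roles = map_roles(assertion["issuer"], assertion["attributes"])
    if not roles:
        return None       # authenticated at the IdP, but not authorised for this application
    return {"user": assertion["subject"], "roles": sorted(roles)}


# Constructed sample: the parsed content of an incoming assertion. The second
# group is the local role name itself, asserted by the IdP; it must be ignored.
SAMPLE_ASSERTION = {
    "issuer": "https://idp.example-crm.test/saml",
    "subject": "alice@example-crm.test",
    "attributes": {GROUP_ATTRIBUTE: ["Sales Reps", "app_manager"]},
}
```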
  
 
	
  
	
  
XACML Multiple Decisions and Application Specific Roles

Diagram components: Liferay Portal; WSO2 Identity Server (XACML PDP).
Messages in the diagram: Login; XACML Request; XACML Response.

lean . enterprise . middleware
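The PEP patterns on the preceding slides (the ESB or servlet-filter PEP and the multiple-decision request a portal sends at login), as one added Python example that is neither WSO2 code nor a full XACML engine: a small PDP evaluates a first-applicable policy set against requests shaped like the XACML JSON profile, answering a list of resources with one Result each, and a filter-style PEP fails closed on anything but Permit. The attribute identifiers are the standard XACML ones; the policy set, role data and paths are constructed sample values.

```python
from fnmatch import fnmatch

# XACML core attribute and category identifiers.
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_CATEGORY = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"

# Constructed policy set: (role, action glob, resource glob, effect), evaluated
# first-applicable. "*" in the role column means any authenticated subject.
POLICIES = [
    ("admin", "*", "/api/*", "Permit"),
    ("*", "GET", "/api/orders/*", "Permit"),
    ("clerk", "POST", "/api/orders/*", "Permit"),
    ("*", "*", "/api/admin/*", "Deny"),
]

# Constructed PIP: role attributes the PDP resolves for a subject-id.
PIP_ROLES = {"alice": ["admin"], "bob": ["clerk"], "eve": []}


def _first_value(category, attribute_id):
    for attr in category.get("Attribute", []):
        if attr.get("AttributeId") == attribute_id:
            return attr.get("Value")
    return None


def _decide(subject, action, resource):
    if subject is None or action is None or resource is None:
        return "Indeterminate"              # a required attribute is missing
    roles = PIP_ROLES.get(subject)
    if roles is None:
        return "Indeterminate"              # the PIP cannot resolve the subject
    for role, action_glob, resource_glob, effect in POLICIES:
        if (role == "*" or role in roles) and fnmatch(action, action_glob) \
                and fnmatch(resource, resource_glob):
            return effect
    return "NotApplicable"                  # no policy covers this request


def pdp_evaluate(request):
    """Evaluate a request shaped like the XACML JSON profile. When "Resource"
    is a list, each entry is decided separately (Multiple Decision Profile),
    so the Response carries one Result per resource."""
    req = request["Request"]
    subject = _first_value(req.get("AccessSubject", {}), SUBJECT_ID)
    action = _first_value(req.get("Action", {}), ACTION_ID)
    resources = req.get("Resource", [])
    if isinstance(resources, dict):
        resources = [resources]
    results = []
    for res_cat in resources:
        resource = _first_value(res_cat, RESOURCE_ID)
        results.append({
            "Decision": _decide(subject, action, resource),
            "Category": [{"CategoryId": RESOURCE_CATEGORY,
                          "Attribute": [{"AttributeId": RESOURCE_ID, "Value": resource}]}],
        })
    return {"Response": results}


def build_request(subject, action, resources):
    """PEP side: marshal the caller, HTTP method and one or more paths into a request."""
    res = [{"Attribute": [{"AttributeId": RESOURCE_ID, "Value": r}]} for r in resources]
    return {"Request": {
        "AccessSubject": {"Attribute": [{"AttributeId": SUBJECT_ID, "Value": subject}]},
        "Action": {"Attribute": [{"AttributeId": ACTION_ID, "Value": action}]},
        "Resource": res[0] if len(res) == 1 else res,
    }}


def pep_filter(principal, method, path):
    """Servlet-filter style PEP returning an HTTP status: only an explicit Permit
    passes; Deny, NotApplicable and Indeterminate all fail closed with 403."""
    if principal is None:
        return 401                          # authentication happens before authorization
    response = pdp_evaluate(build_request(principal, method, [path]))
    results = response["Response"]
    if len(results) != 1:
        return 403
    return 200 if results[0]["Decision"] == "Permit" else 403


def permitted_resources(principal, method, paths):
    """Multiple-decision use: one request for several resources (for example the
    portal entries to show after login); only the Permit results are kept."""
    response = pdp_evaluate(build_request(principal, method, paths))
    return [r["Category"][0]["Attribute"][0]["Value"]
            for r in response["Response"] if r["Decision"] == "Permit"]
```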
  
