An answer to your common XACML dilemmas


         Asela Pathberiya
         Senior Software Engineer
WSO2

    Founded in 2005 by acknowledged leaders in XML, Web
    Services Technologies & Standards and Open Source

    Producing entire middleware platform 100% open source
    under Apache license

    Business model is to sell comprehensive support &
    maintenance for our products

    Venture funded by Intel Capital and Quest Software.

    Global corporation with offices in USA, UK & Sri Lanka

    150+ employees and growing
What are we going to cover

    What is XACML?

    Why is XACML important for your
    organization?

    What are the disadvantages of
    XACML?

     How can WSO2 Identity Server help
    you to overcome those disadvantages?
ETag Group




ETag group is a trading company, which is
 established in 2001.
Application System




ETag group deployed their 1st Application
 System in 2005.
Authentication




Application System included an authentication
 mechanism
Authentication




Some functions and data in the Application System
 must not be accessed by all employees in the
 company.
Therefore authentication is not enough..!!!
Authorization




ETag group wanted to build an authorization
 logic for their Application System.
Role Based Access Control (RBAC)




People who have the same set of privileges are put
into a role, and permissions are assigned to that role.
Role Based Access Control (RBAC)
Growth of ETag Group
Effect of company growth

    The number of Application Systems increased. Authorization
    logic needed to be implemented for each application
    system.

    Authorization logic became more complex

    Authorization logic needed to be updated
    frequently

    Maintaining the authorization logic became a
    tricky task
Meeting




Decided to implement a new authorization system
ETag Common Authorization System (ECAS)


     Denis was asked to lead the
    “ECAS” project


     The “ECAS” project must fulfill the
    following six requirements, as
    decided in the board meeting.
Externalized




Authorization system is not bound to an application. Each
application must be able to query a single authorization
system for all authorization queries
Policy based




Authorization logics can be modified frequently
 without any source code changes.
Standardized




Even business managers and external people must be
 aware of the technology which is used to design this.
Attribute Based




“X resource can be accessed by the Users who
  are from etag.com domain and whose age is not
  less than 18 years old”
Fine-grained




Need to achieve fine granularity without defining a
 large number of static combinations in the
 source code or database
Real Time




   “Can user Bob transfer X amount from current account Y
     between 9.00am and 4.00pm?”

  Externalized

  Policy based

  Standardized

  Attribute based

  Fine-grained

  Dynamic

Authorization Solution
XACML



XACML stands for eXtensible Access Control Markup Language
Standard which is ratified by the OASIS standards organization




The first meeting 21st March 2001
XACML 1.0 - OASIS Standard – 6 February 2003
XACML 1.1 – Committee Specification – 7th August 2003
XACML 2.0 – OASIS Standard – 1 February 2005
XACML 3.0 – OASIS Standard – 10th Aug 2010
Policy language implemented using XML
Externalization is provided by the XACML Reference architecture
Attribute Based Access Control (ABAC)
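The attribute-based requirement listed for ECAS (resource X is accessible to users from the etag.com domain whose age is not less than 18), written as an XACML 3.0 policy. This is an added example, not taken from the slides or from WSO2 Identity Server; the policy and rule ids and the `urn:example:etag:subject:age` attribute id are assumptions, as is carrying the user's e-mail address in `subject-id` typed as rfc822Name.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. PolicyId, RuleId and the age attribute id are hypothetical. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="urn:example:etag:policy:resource-x"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Description>
    Resource X: permit users from the etag.com domain aged 18 or over.
  </Description>

  <!-- The policy applies only to requests for resource "X".
       For any other resource the PDP returns NotApplicable for this policy. -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">X</AttributeValue>
          <AttributeDesignator
              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"
              MustBePresent="true"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>

  <Rule RuleId="urn:example:etag:rule:permit-etag-adults" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">

        <!-- Domain check: rfc822Name-match with the pattern "etag.com" matches
             only addresses whose domain part is exactly etag.com
             (a leading dot, ".etag.com", would match sub-domains instead). -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">etag.com</AttributeValue>
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-one-and-only">
            <AttributeDesignator
                Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"
                MustBePresent="true"/>
          </Apply>
        </Apply>

        <!-- Age check: "not less than 18" is age >= 18. -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
            <AttributeDesignator
                Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                AttributeId="urn:example:etag:subject:age"
                DataType="http://www.w3.org/2001/XMLSchema#integer"
                MustBePresent="true"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">18</AttributeValue>
        </Apply>

      </Apply>
    </Condition>
  </Rule>

  <!-- No explicit Deny rule is needed: under deny-unless-permit, a false
       condition or a missing attribute (Indeterminate, because
       MustBePresent="true") both end in Deny, so the policy fails closed. -->
</Policy>
```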
Fine-grained authorization




Fine-grained authorization with a higher level of
  abstraction by means of policy sets, policies and
  rules.
Real time evaluation
XACML Implementation for ECAS

         Denis was really happy as he
          found a solution for all the
          requirements


         Denis decided to start implementing
           an XACML-based authorization
          system for the ECAS project
Meeting
    “Denis, it is hard to implement an XACML
      solution from scratch”




“It is better to find an existing implementation and
   plug it in to the ECAS project”
Meeting




“We need a closer look at XACML... Let's have a
review of it”
Disadvantages

    Performance of an XACML-based authorization system
    would be lower than that of the existing system

    Complexity of defining and managing XACML policies

    How to integrate the current authorization logic into the new
    system as XACML policies.

    How to provide a standard interface to communicate
    with the PDP.

    Whether the PDP would be able to handle a large number
    (10000 - 100000) of policies

    How to achieve reliability and high availability.

    Can XACML solutions support "What are the resources
    that Bob can access?"
XACML Implementations
An Open source XACML Implementation
"Open source XACML solution, WSO2 Identity Server. Just
  download and you can run the PDP without any configuration.
  How fast is that..? I do not want to write mail asking for
  evaluation copies"




         "I can just write a simple XACML policy and try this
 out... Nice web based UI."
WSO2 Identity Server
WSO2 Identity Server
Performance bottleneck

    Performance would be lower than with
    traditional authorization systems.

    It is a trade-off for the advantages offered

    But the WSO2 Identity Server team has identified this
    performance bottleneck and has provided a
    solution that overcomes it to a great extent.
       Caching technologies
       Thrift protocol for PDP – PEP communication
Caching
Load Test Figures

    Environment
Intel(R) Xeon(R) CPU X3440 @ 2.53GHz processor, 4 GB RAM, OS -
   Debian 6.0 (64bit) - with a single instance of Identity Server
    [-Xms1024m -Xmx2024m -XX:MaxPermSize=1024m]

    Policy Complexity
L1: 10 rules per policy, where one rule deals with 1 attribute
L2: 100 rules per policy, where one rule deals with more than 10 attributes

    Requests
One million XACML requests.
XACML requests are randomly retrieved from a pool where 10 000 different
 requests are available

    Resources
http://people.wso2.com/~asela/xacml_load_test/
Load Test Result - Caching
Load Test Result - Thrift
Complexity of defining and managing XACML policies




Web based UI as PAP for defining and managing
 XACML policies.
XACML Policy Editors




Two policy editors, Basic and Advance.
Integrating current authorization logics
Standard interface for PDP and PAP




All PDP and PAP functionality has been exposed
  as Web services
Handling large number of policies





  Policy distribution

  On demand Policy Loading
Reliability and High Availability




           PDP clustering
Listing entitled resources for user
What we discussed Today


     Identified XACML as a standard way of
    implementing authorization

     How XACML answers the authorization
    requirements of your organization

    What are the negative points of XACML

    How WSO2 Identity Server has provided an
    answer for them
References

www.oasis-open.org/committees/xacml


http://xacmlinfo.com/


http://blog.facilelogin.com
Q and A
Customers
WSO2 Engagement Model
QuickStart
Development
  Support
Development
  Services
Production
  Support
Turnkey Solutions
WSO2 Mobile Services Solution
WSO2 FIX Gateway Solution
WSO2 SAP Gateway Solution
Thank You...!!!
Contact Us…
bizdev@wso2.com

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Kürzlich hochgeladen (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

The WSO2 Identity Server - An answer to your common XACML dilemmas

  • 1. An answer to your common XACML dilemmas. Asela Pathberiya, Senior Software Engineer
  • 2. WSO2: Founded in 2005 by acknowledged leaders in XML, Web Services Technologies & Standards and Open Source; Producing entire middleware platform 100% open source under Apache license; Business model is to sell comprehensive support & maintenance for our products; Venture funded by Intel Capital and Quest Software; Global corporation with offices in USA, UK & Sri Lanka; 150+ employees and growing
  • 3. What are we going to cover: What is XACML? Why is XACML important for your organization? What are the disadvantages of XACML? How can WSO2 Identity Server help you to overcome those disadvantages?
  • 4. ETag Group: ETag group is a trading company, which was established in 2001.
  • 5. Application System: ETag group deployed their 1st Application System in 2005.
  • 6. Authentication: The Application System included an authentication mechanism.
  • 7. Authentication: Some functions and data in the Application System must not be accessed by all employees in the company. Therefore authentication is not enough!
  • 8. Authorization: ETag group wanted to build authorization logic for their Application System.
  • 9. Role Based Access Control (RBAC): People who have the same set of privileges are put into a role, and permissions are assigned to that role.
  • 10. Role Based Access Control (RBAC)
  • 11. Growth of ETag Group, effect of company growth: The number of Application Systems increased, and authorization logic needed to be implemented for each application system; Authorization logic became more complex; Authorization logic needed to be updated frequently; Maintaining the authorization logic became a tricky task
  • 12. Meeting: Decided to implement a new authorization system
  • 13. ETag Common Authorization System (ECAS): Denis was asked to lead the “ECAS” project; The “ECAS” project must fulfill the following six requirements, as decided in the board meeting.
  • 14. Externalized: The authorization system is not bound to an application. Each application must be able to query a single authorization system for all authorization queries.
  • 15. Policy based: Authorization logic can be modified frequently without any source code changes.
  • 16. Standardized: Even business managers and external people must be aware of the technology which is used to design this.
  • 17. Attribute Based: “X resource can be accessed by the users who are from the etag.com domain and whose age is not less than 18 years old”
  • 18. Fine-grained: Need to achieve fine granularity without defining a large number of static combinations in the source code or database.
  • 19. Real Time: “Can user Bob transfer X amount from current account Y between 9.00am and 4.00pm?”
  • 20. Externalized; Policy based; Standardized; Attribute based; Fine-grained; Dynamic Authorization Solution
  • 21.
  • 22. XACML: XACML stands for eXtensible Access Control Markup Language.
  • 23. Standard ratified by the OASIS standards organization: The first meeting, 21st March 2001; XACML 1.0 – OASIS Standard – 6 February 2003; XACML 1.1 – Committee Specification – 7th August 2003; XACML 2.0 – OASIS Standard – 1 February 2005; XACML 3.0 – OASIS Standard – 10th Aug 2010
  • 25. Externalization is provided by the XACML reference architecture
  • 26. Attribute Based Access Control (ABAC)
  • 27. Fine-grained authorization: Fine-grained authorization with a higher level of abstraction by means of policy sets, policies and rules.
  • 29. XACML Implementation for ECAS: Denis was really happy, as he had found a solution for all the requirements. Denis thought of starting to implement an XACML-based authorization system for the ECAS project.
  • 30. Meeting: “Denis, it is hard to implement an XACML solution from scratch.” “It is better to find an existing implementation and plug it into the ECAS project.”
  • 31. Meeting: “We need a closer look at XACML... Let's have a review of it.”
  • 32. Disadvantages: Performance of an XACML-based authorization system would be lower than that of the existing system; Complexity of defining and managing XACML policies; How to integrate the current authorization logic into the new system as XACML policies; How to provide a standard interface to communicate with the PDP; Whether the PDP would be able to handle a large number (10000 - 100000) of policies; How to achieve reliability and high availability; Can XACML solutions support "What are the resources that Bob can access?"
  • 34. An Open source XACML Implementation: "Open source XACML solution, WSO2 Identity Server. Just download and can run the PDP without any configuration. How fast is that..? I do not want to write mail asking for evaluation copies." "I can just write a simple XACML policy and try this out... Nice web based UI."
  • 37. Performance bottleneck: Performance would be lower than with traditional authorization systems; It is a trade-off for the advantages offered; But the WSO2 Identity Server team has identified this performance bottleneck and has provided a solution that overcomes it to a great extent: caching technologies, and the Thrift protocol for PDP – PEP communication
  • 39. Load Test Figures. Environment: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz processor, 4 GB RAM, OS - Debian 6.0 (64bit) - with a single instance of Identity Server [-Xms1024m -Xmx2024m -XX:MaxPermSize=1024m]. Policy complexity: L1: 10 rules per policy, with each rule dealing with 1 attribute; L2: 100 rules per policy, with each rule dealing with more than 10 attributes. Requests: one million XACML requests, randomly retrieved from a pool of 10 000 different requests. Resources: http://people.wso2.com/~asela/xacml_load_test/
  • 40. Load Test Result - Caching
  • 41. Load Test Result - Thrift
  • 42. Complexity of defining and managing XACML policies: Web based UI as PAP for defining and managing XACML policies.
  • 43. XACML Policy Editors: Two policy editors, Basic and Advance.
  • 45. Standard interface for PDP and PAP: All PDP and PAP functionality has been exposed as Web services
  • 46. Handling large number of policies: Policy distribution; On demand Policy Loading
  • 47. Reliability and High Availability: PDP clustering
  • 49.
  • 50.
  • 51. What we discussed today: Identified XACML as a standard way of implementing authorization; How XACML answers the authorization requirements of your organization; What are the negative points of XACML; How WSO2 Identity Server has provided an answer for them
  • 55. WSO2 Engagement Model: QuickStart; Development Support; Development Services; Production Support; Turnkey Solutions (WSO2 Mobile Services Solution, WSO2 FIX Gateway Solution, WSO2 SAP Gateway Solution)
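
The attribute-based rule on slide 17 and the time-window rule on slide 19, as an added Python example that is not taken from the slides or from WSO2 Identity Server. It models XACML's four decision values with a simplified deny-overrides combiner and a deny-biased PEP; the attribute names, the sample requests and the `Rule`, `pdp_decide`, `pep_allows` and `request` helpers are assumptions.

```python
from datetime import time

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = (
    "Permit", "Deny", "NotApplicable", "Indeterminate")

class Rule:
    """One rule: a target (does it apply?), a condition, and an effect."""
    def __init__(self, effect, target, condition):
        self.effect, self.target, self.condition = effect, target, condition

    def evaluate(self, req):
        try:
            if not self.target(req):
                return NOT_APPLICABLE
            return self.effect if self.condition(req) else NOT_APPLICABLE
        except (KeyError, TypeError, AttributeError):
            # Attribute missing or of the wrong type: the rule cannot decide.
            return INDETERMINATE

# Constructed policy for the two slide examples (attribute names are assumptions).
RULES = [
    # Slide 17: resource X for etag.com users whose age is not less than 18.
    Rule(PERMIT,
         target=lambda r: r["resource"]["id"] == "X",
         condition=lambda r: r["subject"]["email"].lower().endswith("@etag.com")
         and r["subject"]["age"] >= 18),
    # Slide 19: transfers only between 9.00am and 4.00pm.
    Rule(PERMIT,
         target=lambda r: r["action"]["id"] == "transfer",
         condition=lambda r: time(9, 0) <= r["environment"]["time"] <= time(16, 0)),
]

def pdp_decide(req, rules=RULES):
    """Simplified deny-overrides: Deny, then Indeterminate, then Permit."""
    results = [rule.evaluate(req) for rule in rules]
    for decision in (DENY, INDETERMINATE, PERMIT):
        if decision in results:
            return decision
    return NOT_APPLICABLE

def pep_allows(req):
    """Deny-biased PEP: only an explicit Permit grants access."""
    return pdp_decide(req) == PERMIT

def request(email, age, resource, action, at=None):
    """Build a constructed sample request; age=None omits the attribute."""
    subject = {"email": email}
    if age is not None:
        subject["age"] = age
    env = {"time": at} if at is not None else {}
    return {"subject": subject, "resource": {"id": resource},
            "action": {"id": action}, "environment": env}

if __name__ == "__main__":
    for req in (request("bob@etag.com", 30, "X", "read"),
                request("bob@etag.com", None, "X", "read"),
                request("bob@etag.com", 30, "Y", "transfer", time(17, 0))):
        print(pdp_decide(req), pep_allows(req))
```

A request that lacks the age attribute yields Indeterminate rather than Permit, so the deny-biased PEP refuses it instead of failing open.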