xacml

XACML Obligations

血红的双手。 submitted on 2019-12-13 13:16:28
Question: How do we use obligations in XACML? Any reference will be helpful. The scenario is that the obligations should refer to the PIP and return the result to the PEP. Thanks ---EDIT--- Example from the author's comment: <ObligationExpressions> <ObligationExpression ObligationId="EmailObligation" FulfillOn="Permit"> <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text"> <AttributeDesignator MustBePresent="false" Category="urn:oasis:names:tc:xacml:1.0:subject

Not able to install XACML and XACML Mediation in WSO2AM-2.5.0

不问归期 submitted on 2019-12-13 04:40:53
Question: I am following this link. I am stuck on the point given below: e) Scroll down and find the XACML related features and install the features to the API Manager as shown below. I am not able to get "XACML Mediation" in wso2AM-2.5.0. And one more thing: if anyone knows every step of how to create an API in API Manager to access an XACML policy. I followed many links but I got stuck at many points, like method parameter, endpoint of sandbox or production, access token. If anyone knows every step with clarity then

Storage of Role-based Permissions using ADFS and WIF

耗尽温柔 submitted on 2019-12-13 01:29:21
Question: I'm working on a project which uses Active Directory for user information, ADFS for Authentication and SSO, and several custom applications all built with ASP.NET MVC. The authorization model is claims and role-based; that is, a user's roles are accessible as claims to the relevant application, via tokens issued by ADFS (using WIF). Each role has a defined list of permissions against the applications' various resources (i.e. the role Admin has WRITE permission against resource X). We have the

XACML how to efficiently control Access to Collections (Lists) of Resources

允我心安 submitted on 2019-12-13 01:04:02
Question: Let's say I have a collection transactions and a policy that grants read access to a transaction within that collection for users with the role user, if the user's department is the same as the one of the record. The problem: If I access single resources I have no problem checking access per resource. But if I want to enumerate/list the whole collection I would need to check each and every item in the collection, which is not efficient (especially if your amount of entries is "high"). It would

AuthzForce XACML Response is Indeterminate

心不动则不痛 submitted on 2019-12-13 00:17:18
Question: I am exploring Authzforce XACML3.0 and I have been running into issues. I keep getting my responses as indeterminate. Below is my setup and the Exception trace which it throws. Any help is appreciated. Request File: <?xml version="1.0" encoding="utf-8"?> <Request ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category

How do I apply XACML rules to every child URI?

半世苍凉 submitted on 2019-12-12 18:27:59
Question: I'm working with XACML policies and I have a rule that includes a resource target similar to the following: <Resources> <Resource> <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue> <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> </ResourceMatch> </Resource> </Resources> I

XACML for Spring Cloud

被刻印的时光 ゝ submitted on 2019-12-12 09:03:20
Question: I'm going to secure my Spring Cloud Application with OAuth2 and XACML (using AuthZForce, Balana, AT&T XACML or something similar). I want to use the microservices from Spring-Cloud(-Netflix). To make XACML available I think that I need this: PEP for each existing API-service; PDP's as new services, that are used by PEP's. Because Spring-Cloud(-Netflix) has load-balancing functions (Eureka) I need to register these services on Eureka and implement a REST-API. Because all PDP's should use the

Xacml integration with saml in wso2

做~自己de王妃 submitted on 2019-12-12 04:59:28
Question: I am new to security. I have downloaded the wso2 sso sample and executed it. Now I want to configure xacml in this project. My requirement is that when a user is logged in with sso I want to restrict them from accessing some particular jsp pages. Please give me some suggestions on how to implement it and how I can send an xacml request. Thank you. Answer 1: [1] is a comprehensive blog written by Asela Pathberiya on XACML and how you can leverage XACML on the wso2 identity server. Please read the blog to clarify different

XACML Policy and Request

点点圈 submitted on 2019-12-11 20:44:10
Question: First, I would like to mention that this is certainly a novice question, but I have been looking for hours now and I do not have an answer. I just started trying XACML for academic purposes. I use the editor provided with wso2-is to write some policies and to evaluate them against some requests. I created this policy to express that the subject u can read or write from a resource d <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="test-bis" RuleCombiningAlgId="urn:oasis:names:tc

How to use client_ip and request_uri in XACML policy in WSO2 IS

泪湿孤枕 submitted on 2019-12-11 15:48:56
Question: We are using WSO2 IS as the Identity Bus for our solutions. We make a REST API in WSO2 ESB to implement our integration and use the OAuth mediator in that to secure our API. In WSO2 IS we create a service provider as sp1 and apply an XACML policy to that. I want to create an XACML policy to permit incoming requests only when client_ip is xxx.xxx.xxx.xxx and the request URI is http://wso2ESB.uri/sampleApi/app and the method is GET. Please help me to make this XACML policy in WSO2 IS. Answer 1: Currently WSO2