Rushmin, Can you also send a mock UI of the resources section that we discussed? That will make it more clear on how Policy partials & URL templates are mapped.
On Tue, Aug 26, 2014 at 1:48 PM, Rushmin Fernando <[email protected]> wrote: > App Manager supports both database driven simple roles based resource > authorization and XACML based authorization. > > After reviewing the existing XACML based solution, the following changes > are proposed. > > Concepts > ======= > > 1) Policy Partials > > 'Target' section of a XACML policy in App Manager can be auto generated, > since the use defines the URL pattern and the action (HTTP verb) for the > resources to be restricted. So only the 'rules' are the dynamic parts. > > So in this proposal, users are able to save the conditions of the rules > (or may be the rules) against the app. These are called policy partials. > > 2) Applying policy partials to URL templates > > In App Manager publisher there is UI to add url patterns which should be > applied throttling, role restrictions etc.. There will be option for the > user to apply one or more policy partials which are defined in step 1, to > these URL templates. > > 3) Policy generation > > Actual XACML policies will be generated, taking the policy template, > applied policy partials and URL template info. There generate policies will > be persistent and published via identity admin services. > > Please see the attached illustration for more details. > > > > > -- > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > email : [email protected] > mobile : +94772310855 > > > -- /sumedha b : bit.ly/sumedha
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
