Hi all,

I am currently working on implementing an XACML-based scope validator for when the resource server tries to validate the OAuth2 token. Users can publish their token validation XACML policies to the policy store. Here [1] is a sample policy template.

The spec implementation of OAuth2 token validation is already in WSO2 IS. Only if spec validation passes will this validator be called. A XACML request will be created using the retrieved information of the user. Then that XACML request will be validated using the entitlement engine. There will be a global configuration to enable or disable this validation, but in future it will be implemented as a configurable option for each service provider.

WSO2 IS has an extension point to implement a TokenValidator [2]. I am planning to implement a custom validator ("XACMLbasedOAuth2TokenValidator") at that point for validation.

I am looking forward to suggestions/comments.

[1] - https://docs.google.com/document/d/1unh9QsDXMXxwbr3SPYLgRG1mKvxphX9VjhRAthHIlQU/edit?usp=sharing
[2] - https://docs.wso2.com/display/IS540/Extension+Points+for+OAuth#ExtensionPointsforOAuth-OAuth2TokenValidator

Thanks and Regards,
Senthalan

--
Senthalan Kanagalingam
Software Engineer - WSO2 Inc.
Mobile : +94 (0) 77 18 77 466
http://wso2.com/signature
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
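An added example, not code from the post or from WSO2 IS: a Python sketch of the two steps the proposal describes, building the XACML 3.0 request from the data recovered after spec validation and evaluating it, with a toy PDP standing in for the entitlement engine. The scope attribute id `urn:example:oauth2:scope`, the rule structure and the sample subjects, resources and scopes are constructed assumptions; what it demonstrates is that the validator should treat only an explicit Permit as a valid token and reject Deny, NotApplicable and anything else.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
SCOPE_ID = "urn:example:oauth2:scope"  # hypothetical attribute id, not from the post
STRING = "http://www.w3.org/2001/XMLSchema#string"


def build_request(user, scopes, resource):
    """Build the XACML <Request> from the token's user, scopes and target resource."""
    req = ET.Element(f"{{{NS}}}Request", CombinedDecision="false", ReturnPolicyIdList="false")

    def add(category, attr_id, values):
        attrs = ET.SubElement(req, f"{{{NS}}}Attributes", Category=category)
        attr = ET.SubElement(attrs, f"{{{NS}}}Attribute", AttributeId=attr_id, IncludeInResult="false")
        for v in values:
            ET.SubElement(attr, f"{{{NS}}}AttributeValue", DataType=STRING).text = v

    add(SUBJECT_CAT, SUBJECT_ID, [user])
    add(RESOURCE_CAT, RESOURCE_ID, [resource])
    add(RESOURCE_CAT, SCOPE_ID, scopes)  # one AttributeValue per scope carried by the token
    add(ACTION_CAT, ACTION_ID, ["validate"])
    return ET.tostring(req, encoding="unicode")


def evaluate(request_xml, policy):
    """Toy PDP (stand-in for the entitlement engine): first-applicable rule decides.
    A rule applies when every request attribute is within the rule's allowed values."""
    values = {}
    for attr in ET.fromstring(request_xml).iter(f"{{{NS}}}Attribute"):
        values[attr.get("AttributeId")] = {v.text for v in attr.findall(f"{{{NS}}}AttributeValue")}
    if not values.get(SCOPE_ID):
        return "NotApplicable"  # a token without scopes never matches a scope rule
    checks = ((SUBJECT_ID, "subjects"), (RESOURCE_ID, "resources"), (SCOPE_ID, "scopes"))
    for rule in policy:
        if all(values.get(attr, set()) <= set(rule[key]) for attr, key in checks):
            return rule["effect"]
    return "NotApplicable"


def is_token_valid(user, scopes, resource, policy):
    """Fail closed: only an explicit Permit accepts the token."""
    return evaluate(build_request(user, scopes, resource), policy) == "Permit"


# Constructed sample policy: alice may use read/write on /api/orders, never /api/admin
POLICY = [
    {"effect": "Deny", "subjects": ["alice"], "resources": ["/api/admin"], "scopes": ["read", "write", "admin"]},
    {"effect": "Permit", "subjects": ["alice"], "resources": ["/api/orders"], "scopes": ["read", "write"]},
]
```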
