Hi all,
As the aim of this project is to validate the scope of the token against
XACML policies, I was wrong about the extension point. There is no need to
implement it from the token validation point. There is an extension point to
extend scope validation ("OAuth2ScopeValidator"). And IS allows
multi-scope validators. So I am going to start from here.
Thanks and Regards,
Senthalan
On Thu, Jan 11, 2018 at 5:35 PM, Senthalan Kanagalingam <[email protected]>
wrote:
> Hi all,
>
> I am currently working on implementing an XACML-based scope validator when
> the resource server tries to validate the OAuth2 token. Users can publish
> their token validation XACML policies to the policy store. Here [1]
> is a sample policy template.
>
> The spec implementation of the OAuth2 token validation is already in WSO2
> IS. This validator will be called only if spec validation has passed. An XACML
> request will be created using the retrieved information of the user. Then
> that XACML request will be validated using the entitlement engine.
>
> There will be a global configuration to enable or disable this validation.
> But in future, it will be implemented as a configurable option for each
> service provider.
>
> WSO2 IS has an extension point to implement TokenValidator [2].
> I am planning to implement a custom validator
> ("XACMLbasedOAuth2TokenValidator") at that point for validation.
>
> I am looking forward to suggestions/comments.
>
> [1] - https://docs.google.com/document/d/1unh9QsDXMXxwbr3SPYLgRG1mKvxphX9VjhRAthHIlQU/edit?usp=sharing
> [2] - https://docs.wso2.com/display/IS540/Extension+Points+for+OAuth#ExtensionPointsforOAuth-OAuth2TokenValidator
>
> Thanks and Regards,
> Senthalan
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture