IS includes a full XACML interpreter. Paul
On 2 March 2011 12:30, Brad Cox <[email protected]> wrote:
> Thanks Paul. That was our intention when we had the XACML running as a
> mediator. But FYI documentation problems stymied progress on that front too.
> The basic hangup is that WSO2 documentation doesn't use or even mention the
> PEP/PDP distinction, which is a foundation distinction in DOD-land. So web
> searches don't hit for WSO2. Same problem with XACML, until I learned to
> translate that to "entitlements" (a term that's barely used if ever in DOD).
>
> I presume by "something similar" you mean using Sun's interpreter? Or did
> you also build a full compiler?
>
>
> On Wed, Mar 2, 2011 at 7:08 AM, Paul Fremantle <[email protected]> wrote:
>
>> Brad
>>
>> We have done something similar to your paper in another DoD-style project.
>> Basically we use the ESB as a gateway that intercepts all calls and applies
>> the XACML policy. So the ESB acts as the PEP. The ESB passes requests onto
>> the IS which is the PDP.
>>
>> In order to ensure the ESB intercepts all calls we basically configure the
>> backends to only accept calls that have the right SSL/TLS client certificate
>> (over HTTPS) and then make sure the ESB is the only system that has this
>> cert. That way there is a highly efficient model from ESB to Backend.
>>
>> Paul
>>
>> On 2 March 2011 11:59, Brad Cox <[email protected]> wrote:
>>
>>> See http://bradjcox.blogspot.com for a link to a paper that may be of
>>> interest to XACML devotees.
>>>
>>> The first part of the paper describes an XACML reference implementation.
>>> Our first cut at this ran as a mediator in the ESB and was based on Sun's
>>> interpreter. This was converted to a service in WSAS and is the version
>>> delivered in Dec.
>>>
>>> XACML is so horrendous as a language and for debugging that we started
>>> work on a full compiler which is being finished for delivery as I write
>>> this.
>>>
>>> Why convert a working ESB mediator to a WSAS service? Because I've been
>>> unable to understand from the documentation how all these WSO2 products
>>> relate to each other. My mental model is an ESB is a general purpose
>>> foundation on which specialized products (like WSAS) can be constructed.
>>> This seems not to be the case with WSO2 products, since near as I can tell
>>> the ESB is not part of WSAS. I also tried the "Add Feature" menu to mix and
>>> match features but the result wouldn't even boot. To make any headway at
>>> all, I resorted to relying on nothing other than the ability of WSAS to load
>>> .AAR files.
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>>
>> --
>> Paul Fremantle
>> CTO and Co-Founder, WSO2
>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>
>> Office: +44 844 484 8143
>> Cell: +44 798 447 4618
>>
>> blog: http://pzf.fremantle.org
>> twitter.com/pzfreo
>> [email protected]
>>
>> wso2.com Lean Enterprise Middleware
>>
>> Disclaimer: This communication may contain privileged or other
>> confidential information and is intended exclusively for the addressee/s. If
>> you are not the intended recipient/s, or believe that you may have received
>> this communication in error, please reply to the sender indicating that fact
>> and delete the copy you received and in addition, you should not print,
>> copy, retransmit, disseminate, or otherwise use the information contained in
>> this communication. Internet communications cannot be guaranteed to be
>> timely, secure, error or virus-free. The sender does not accept liability
>> for any errors or omissions.
>>
>
>
>
> --
> Cell: 703-594-1883
> Blog: http://bradjcox.blogspot.com
> Web: http://virtualschool.edu
> Manassas VA 20111
>
>

--
Paul Fremantle
CTO and Co-Founder, WSO2
OASIS WS-RX TC Co-chair, VP, Apache Synapse

Office: +44 844 484 8143
Cell: +44 798 447 4618

blog: http://pzf.fremantle.org
twitter.com/pzfreo
[email protected]

wso2.com Lean Enterprise Middleware
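The gateway pattern described in the thread above (ESB as PEP, IS as PDP, backends that accept only the gateway's TLS client certificate), as an added sketch that is not code from the thread or from any WSO2 product. The policy table, function names and certificate bytes are constructed for illustration, and the dictionary lookup stands in for a real XACML engine.

```python
import hashlib
import hmac

# Constructed stand-in for the DER bytes of the gateway's client certificate.
# A real backend would read them from the TLS session, e.g.
# ssl.SSLSocket.getpeercert(binary_form=True), after the handshake has
# proved the caller holds the matching private key.
GATEWAY_CERT_DER = b"constructed-gateway-client-cert"
PINNED_SHA256 = hashlib.sha256(GATEWAY_CERT_DER).hexdigest()

# Constructed policy: (subject role, resource, action) -> XACML-style decision.
POLICY = {
    ("analyst", "/reports", "read"): "Permit",
    ("analyst", "/reports", "write"): "Deny",
}


def pdp_decide(role, resource, action):
    """PDP: evaluates policy only; returns Permit, Deny or NotApplicable."""
    return POLICY.get((role, resource, action), "NotApplicable")


def backend_handle(peer_cert_der, resource):
    """Backend: serves only a caller presenting the pinned gateway cert."""
    presented = hashlib.sha256(peer_cert_der or b"").hexdigest()
    if not hmac.compare_digest(presented, PINNED_SHA256):
        return 403, "client certificate is not the gateway's"
    return 200, f"contents of {resource}"


def pep_forward(role, resource, action, pdp=pdp_decide):
    """PEP (gateway): asks the PDP and forwards only on an explicit Permit."""
    try:
        decision = pdp(role, resource, action)
    except Exception:
        decision = "Indeterminate"  # PDP unreachable or policy error
    if decision != "Permit":
        # Deny, NotApplicable and Indeterminate all fail closed.
        return 403, f"blocked by PEP ({decision})"
    return backend_handle(GATEWAY_CERT_DER, resource)
```

The certificate check on the backend is what makes the PEP non-bypassable: a caller that reaches the backend directly fails it without the PDP ever being consulted.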
