Author: madhan Date: Mon Oct 16 23:56:38 2023 New Revision: 1913035 URL: http://svn.apache.org/viewvc?rev=1913035&view=rev Log: RANGER-4474: blog: adventures in abac - part-2
Added: ranger/site/trunk/adventures_in_abac_2.files/ ranger/site/trunk/adventures_in_abac_2.files/fig1-policy_globalsalespartners_row_filter_sr_sp.jpg (with props) ranger/site/trunk/adventures_in_abac_2.files/fig2-policy_globalsalespartners_row_filter_abac.jpg (with props) ranger/site/trunk/adventures_in_abac_2.files/fig3-policy_tag_based_on_user_role.jpg (with props) ranger/site/trunk/adventures_in_abac_2.files/fig4-policy_tag_policy_abac.jpg (with props) ranger/site/trunk/adventures_in_abac_2.files/table_globalsalespartners.jpg (with props) ranger/site/trunk/adventures_in_abac_2.html Modified: ranger/site/trunk/blogs.html Added: ranger/site/trunk/adventures_in_abac_2.files/fig1-policy_globalsalespartners_row_filter_sr_sp.jpg URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.files/fig1-policy_globalsalespartners_row_filter_sr_sp.jpg?rev=1913035&view=auto ============================================================================== Binary file - no diff available. Propchange: ranger/site/trunk/adventures_in_abac_2.files/fig1-policy_globalsalespartners_row_filter_sr_sp.jpg ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: ranger/site/trunk/adventures_in_abac_2.files/fig2-policy_globalsalespartners_row_filter_abac.jpg URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.files/fig2-policy_globalsalespartners_row_filter_abac.jpg?rev=1913035&view=auto ============================================================================== Binary file - no diff available. Propchange: ranger/site/trunk/adventures_in_abac_2.files/fig2-policy_globalsalespartners_row_filter_abac.jpg ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: ranger/site/trunk/adventures_in_abac_2.files/fig3-policy_tag_based_on_user_role.jpg URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.files/fig3-policy_tag_based_on_user_role.jpg?rev=1913035&view=auto ============================================================================== Binary file - no diff available. Propchange: ranger/site/trunk/adventures_in_abac_2.files/fig3-policy_tag_based_on_user_role.jpg ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: ranger/site/trunk/adventures_in_abac_2.files/fig4-policy_tag_policy_abac.jpg URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.files/fig4-policy_tag_policy_abac.jpg?rev=1913035&view=auto ============================================================================== Binary file - no diff available. Propchange: ranger/site/trunk/adventures_in_abac_2.files/fig4-policy_tag_policy_abac.jpg ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: ranger/site/trunk/adventures_in_abac_2.files/table_globalsalespartners.jpg URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.files/table_globalsalespartners.jpg?rev=1913035&view=auto ============================================================================== Binary file - no diff available. Propchange: ranger/site/trunk/adventures_in_abac_2.files/table_globalsalespartners.jpg ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: ranger/site/trunk/adventures_in_abac_2.html URL: http://svn.apache.org/viewvc/ranger/site/trunk/adventures_in_abac_2.html?rev=1913035&view=auto ============================================================================== --- ranger/site/trunk/adventures_in_abac_2.html (added) +++ ranger/site/trunk/adventures_in_abac_2.html Mon Oct 16 23:56:38 2023 @@ -0,0 +1,312 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE html> +<html lang="en"> + + <head> + <meta http-equiv=Content-Type content="text/html; charset=utf-8"> + <title>Adventures in ABAC - Part 2</title> + <style> + <!-- + /* Font Definitions */ + @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0;} + @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} + @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} + @font-face {font-family:"Calibri Light"; panose-1:2 15 3 2 2 2 4 3 2 4;} + + /* Style Definitions */ + p.MsoNormal, li.MsoNormal, div.MsoNormal + {margin:0in; font-size:12.0pt; font-family:"Calibri",sans-serif;} + h1 + {mso-style-link:"Heading 1 Char"; margin-top:12.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; page-break-after:avoid; font-size:16.0pt; font-family:"Calibri Light",sans-serif; color:#2F5496; font-weight:normal;} + + p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText + {mso-style-link:"Footnote Text Char"; margin:0in; font-size:10.0pt; font-family:"Calibri",sans-serif;} + + p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph + {margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;} + p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst + {margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;} + p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle + {margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;} + p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast + {margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;} + span.Heading1Char + {mso-style-name:"Heading 1 Char"; mso-style-link:"Heading 1"; font-family:"Calibri Light",sans-serif; color:#2F5496;} + span.FootnoteTextChar + {mso-style-name:"Footnote Text Char"; mso-style-link:"Footnote Text";} + .MsoChpDefault + {font-family:"Calibri",sans-serif;} + + /* Page Definitions */ + @page WordSection1 + {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} + div.WordSection1 + {page:WordSection1;} + + + /* List Definitions */ + ol + {margin-bottom:0in;} + ul + {margin-bottom:0in;} + --> + </style> + </head> + + <body lang=EN-US style='width:800px;word-wrap:break-word;align:center;margin:auto;border:ridge' > + <div style="margin-left:10pt;margin-right:10pt"> + <h1 style="text-align:center">Adventures in attribute-based access control (ABAC) - Part 2</h1> + <p class=MsoNormal style='font:5.0pt "Times New Roman"'> </p> + <div style="text-align:center"> + <p class=MsoNormal>Barbara Eckman, Ph.D., Distinguished Architect, Comcast</p> + <p class=MsoNormal>Oct 15, 2023</p> + </div> + <p class=MsoNormal> </p> + + <div class=WordSection> + <h1>Introduction</h1> + + <p class=MsoNormal> + Previously in <a href="./adventures_in_abac_1.html">Part 1</a> of this series we examined an increasingly + complex series of use cases involving role membership and row filtering. While built-in Apache Ranger⢠+ TBAC, RBAC, and row-filter based access policies are powerful, they may not be sufficient for complex access + control constraints. As the numbers of row filters that must be simultaneously enforced rises, the number of + roles and row filter conditions increases combinatorially and rapidly becomes difficult to manage. + </p> + + <p class=MsoNormal> </p> + + <p class=MsoNormal> + This post introduces the principles of Attribute-based Access Control (ABAC) and shows how they enable us to + avoid this potentially mushrooming complexity. Letâs recall the final use case from part 1. + </p> + + <p class=MsoNormal> </p> + + <h1>Recap: GlobalSalesPartners table row filters</h1> + <p class=MsoNormal> + The GlobalSalesPartners table includes info on which business partner (âABCâ or âXYZâ) produced the data, as + well as the salesRegion where the sale occurred. + </p> + <p class=MsoNormal align=center style='text-align:center'> + <img width=700 height=140 id="Picture 6" src="adventures_in_abac_2.files/table_globalsalespartners.jpg" alt="Table USSales"> + </p> + <p class=MsoNormal> </p> + <p class=MsoNormal>Recall our favorite users:</p> + + <table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0 style='margin-left:30.35pt;border-collapse:collapse;border:none'> + <tr> + <td width=90 valign=top style='width:67.25pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b>User</b></p></td> + <td width=102 valign=top style='width:76.5pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b>Region</b></p></td> + <td width=132 valign=top style='width:99.0pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b>Partner</b></p></td> + </tr> + <tr> + <td width=90 valign=top style='width:67.25pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>Bob</p></td> + <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>US</p></td> + <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>ABC</p></td> + </tr> + <tr> + <td width=90 valign=top style='width:67.25pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>Celestine</p></td> + <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>EMEA</p></td> + <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>ABC, XYZ</p></td> + </tr> + </table> + <p class=MsoNormal> </p> + + <p class=MsoNormal>Row-filter policies from part 1:</p> + + <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'><span style='font-family:Symbol'>1. <span style='font:7.0pt "Times New Roman"'> </span></span>Users in salesRegion.US role have access to rows where salesRegion = âUSâ</p> + <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'><span style='font-family:Symbol'>2. <span style='font:7.0pt "Times New Roman"'> </span></span>Users in salesRegion.EMEA role have access to rows where salesRegion = âEMEAâ</p> + <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'><span style='font-family:Symbol'>3. <span style='font:7.0pt "Times New Roman"'> </span></span>Users in salesPartner.ABC role have access to rows where salesPartner = âABCâ</p> + <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'><span style='font-family:Symbol'>4. <span style='font:7.0pt "Times New Roman"'> </span></span>Users in salesPartner.XYZ role has access to rows where salesPartner = âXYZâ</p> + <p class=MsoNormal> </p> + <p class=MsoNormal align=center style='text-align:center'> + <img width=700 height=800 border=1 id="policy_table_ussales_rib" src="adventures_in_abac_2.files/fig1-policy_globalsalespartners_row_filter_sr_sp.jpg" alt="Fig 1. Apache Ranger™ Table GlobalSalesPartners: row-filter policy to restrict access based on sales region and sales partner"> + </p> + <p class=MsoNormal> </p> + <p class=MsoNormal align=center style='text-align:center'>Fig 1. Apache Ranger™ Table GlobalSalesPartners: row-filter policy to restrict access based on sales region and sales partner</p> + <p class=MsoNormal> </p> + <p class=MsoNormal> + We noted previously that as the numbers of salesRegions and salesPartners rise, the number of + roles and row filter conditions increases combinatorially, and rapidly becomes difficult to manage. + </p> + + <p class=MsoNormal><span style='font-size:16.0pt;font-family:"Calibri Light",sans-serif;color:#2F5496'> </span></p> + + <h1>ABAC Principles</h1> + <p class=MsoNormal> + But what if Ranger policy engine had direct access to Bobâs sales partners, and Bobâs sales region, without + reference to any roles he might be a member of? Then a row filter could be expressed this way, assuming Bob + has access to data from only one sales region and sales partner + </p> + + <p class=MsoNormal><span style='font-size:8.0pt;font-family:"Calibri Light",sans-serif;color:#2F5496'> </span></p> + + <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'><span style='font-family:Symbol'><span style='font:7.0pt "Times New Roman"'> </span></span><partner attribute value in row> == <Bobâs partner> AND <sales region value in row> == <Bobâs region></p> + + <p class=MsoNormal><span style='font-size:16.0pt;font-family:"Calibri Light",sans-serif;color:#2F5496'> </span></p> + + <p class=MsoNormal>Now assume this can be generalized to work for all users:</p> + + <p class=MsoNormal><span style='font-size:8.0pt;font-family:"Calibri Light",sans-serif;color:#2F5496'> </span></p> + + <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'><span style='font-family:Symbol'><span style='font:7.0pt "Times New Roman"'> </span></span><partner attribute value in row> == $USER.partner AND <sales region value in row> == $USER.region</p> + + <h1>Welcome to Attribute Based Access Control (ABAC)!</h1> + <p class=MsoNormal> + In RBAC, the role to which a user is assigned membership is the central method of expressing what the user + should be allowed access to. Bob is in the role partner.ABC, along with, say, Sarah and Thomas and Srikanth + and Joon. Thus, all these users have access to partner ABCâs data. + </p> + <p class=MsoNormal> </p> + <p class=MsoNormal> + In ABAC, the central method of expressing what the user should be allowed to have access to is the value of + the userâs attributes. Bobâs partner attribute value equals âABCâ, along with the partner attribute of Sarah + and Thomas and Srikanth and Joon. Just as in the RBAC case, all these users have access to partner ABCâs data. + </p> + <p class=MsoNormal> </p> + <p class=MsoNormal> + But how do we program this in Apache Ranger? Apache Ranger uses a user-store, populated with users and their + attributes typically loaded from LDAP, SCIM, Azure Active Directory (AAD), Okta, etc., by Apache Ranger + usersync. If an attribute named partner is added to a userâs record on the identity provider, then that + information will be gathered as part of the usersync and can be referenced within a Ranger policy condition + as $USER.partner. + </p> + <p class=MsoNormal> </p> + <h1>GlobalSalesPartners Row-Filters Using ABAC</h1> + <p class=MsoNormal> + Assume that the UserStore has been populated with salesRegion and salesPartner attributes for Bob and + Celestine as follows: + </p> + <p class=MsoNormal> </p> + + <table class=MsoTableGrid style='width:225pt;margin-left:30.35pt;border-collapse:collapse;border:none'> + <tr> + <td style='width:75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>User</span></b></p></td> + <td style='width:75pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>salesRegion</span></b></p></td> + <td style='width:75pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>salesPartner</span></b></p></td> + </tr> + <tr> + <td style='width:75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>Bob</p></td> + <td style='width:75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>US</p></td> + <td style='width:75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>ABC</p></td> + </tr> + <tr> + <td style='width:75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>Celestine</p></td> + <td style='width:75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>EMEA</p></td> + <td style='width:75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>XYZ</p></td> + </tr> + </table> + + <p class=MsoNormal> </p> + <p class=MsoNormal> </p> + <p class=MsoNormal> + With ABAC, the 8 row filter conditions from the previous blog post become a single condition, matching the + usersâ partners and regions with the value in the salesPartner and salesRegion columns: + </p> + <p class=MsoNormal> </p> + + <p class=MsoNormal align=center style='text-align:center'> + <img width=700 height=380 border=1 id="Picture 23" src="adventures_in_abac_2.files/fig2-policy_globalsalespartners_row_filter_abac.jpg" alt="Fig 2. Apache Ranger™ Table GlobalSalesPartners: ABAC-based row-filter policy to restrict access based on sales region and sales partner"> + </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal align=center style='text-align:center'>Fig 2. Apache Ranger™ Table GlobalSalesPartners: ABAC-based row-filter policy to restrict access based on sales region and sales partner</p> + <p class=MsoNormal> </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal> + This policy works for all users, not just those with salesRegion or salesPartner access like Bobâs or Celestineâs. + </p> + + <h1>ABAC in Tag-Based Policies</h1> + <p class=MsoNormal> + Next, consider tables representing a single sales region, like USSales from blog post Part 1. + </p> + <p class=MsoNormal> </p> + + <table class=MsoTableGrid style='width:300pt;margin-left:30.35pt;border-collapse:collapse;border:none'> + <tr> + <td style='width:125pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>Resource</span></b></p></td> + <td style='width:75pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>Tag</span></b></p></td> + <td style='width:100pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p class=MsoNormal><b><span style='font-size:10.0pt'>Tag Attribute</span></b></p></td> + </tr> + <tr> + <td style='width:125pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>Table: USSales</p></td> + <td style='width:75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>salesRegion</p></td> + <td style='width:100pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><p class=MsoNormal>value=âUSâ</p></td> + </tr> + </table> + + <p class=MsoNormal> </p> + + <p class=MsoNormal> + Allow only users in the salesRegion.US role to access resources tagged with salesRegion.value = âUSâ. Create + a role-based (RBAC) tag policy that allows access to tagged tables based on the role membership of the user: + </p> + <p class=MsoNormal> </p> + + <p class=MsoNormal align=center style='text-align:center'> + <img width=700 height=380 border=1 id="Picture 23" src="adventures_in_abac_2.files/fig3-policy_tag_based_on_user_role.jpg" alt="Fig 3. Apache Ranger™ Tag-based policy allowing access to tagged tables based on the userâs role membership"> + </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal align=center style='text-align:center'>Fig 3. Apache Ranger™ Tag-based policy allowing access to tagged tables based on the userâs role membership</p> + <p class=MsoNormal> </p> + + <p class=MsoNormal> </p> + + <p class=MsoNormal> + Using the RBAC method, we need to create a policy condition for each of the salesRegion.* roles. Depending on + how many salesRegions a company defines, this could get large. And if they are continually being added or + subtracted, the policy has to be commensurately updated. + </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal> + Letâs use ABAC to greatly simplify this process, by creating a tag policy that allows table access to any user + whose salesRegion attribute matches the attribute of the salesRegion tag: + </p> + + <p class=MsoNormal align=center style='text-align:center'> + <img width=700 height=380 border=1 id="Picture 23" src="adventures_in_abac_2.files/fig4-policy_tag_policy_abac.jpg" alt="Fig 3. Apache Ranger™ ABAC-based tag policy to allow access to tables based on the value of the userâs attribute."> + </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal align=center style='text-align:center'>Fig 4. Apache Ranger™ ABAC-based tag policy to allow access to tables based on the value of the userâs attribute.</p> + <p class=MsoNormal> </p> + + <p class=MsoNormal> </p> + <p class=MsoNormal> + As we have seen, ABAC makes policy creation and maintenance much easier! But what if the custodians of your + Identity Provider are too busy to keep up with managing the additional attributes you need for ABAC? Is there + another way to populate the UserStore? Yes! Check out Part 3 of this blog series to find out how you can + retrieve UserStore entries from a variety of alternative sources! + </p> + + <p class=MsoNormal> </p> + </div> + </div> + </body> + + <footer> + <div align=center > + <a href="/blogs.html">Apache Ranger™ blogs</a> + </div> + </footer> +</html> Modified: ranger/site/trunk/blogs.html URL: http://svn.apache.org/viewvc/ranger/site/trunk/blogs.html?rev=1913035&r1=1913034&r2=1913035&view=diff ============================================================================== --- ranger/site/trunk/blogs.html (original) +++ ranger/site/trunk/blogs.html Mon Oct 16 23:56:38 2023 @@ -7,7 +7,7 @@ <!-- - Generated by Apache Maven Doxia at 2023-05-30 Rendered using Reflow Maven Skin 2.0.0 (https://olamy.github.io/reflow-maven-skin) + Generated by Apache Maven Doxia at 2023-10-16 Rendered using Reflow Maven Skin 2.0.0 (https://olamy.github.io/reflow-maven-skin) --> <html xml:lang="en" lang="en"> @@ -173,6 +173,11 @@ <div style="font-size: 90%;color: #999;"> Posted on Apr 29, 2023 by Barbara Eckman, Comcast </div> </li> + <p></p> + <li> <p> <a href="blogs/adventures_in_abac_2.html" target="_blank">Adventures in attribute-based access control (ABAC) - part 2</a> </p> Explores use of attribute based access control to address more advanced use cases.<br> + <div style="font-size: 90%;color: #999;"> + Posted on Oct 15, 2023 by Barbara Eckman, Comcast + </div> </li> </ul> </div> </div> @@ -347,7 +352,7 @@ <p class="version-date"> <span class="projectVersion">Version: 3.0.0-SNAPSHOT.</span> - <span class="publishDate">Last Published: May-30-2023.</span> + <span class="publishDate">Last Published: Oct-16-2023.</span> </p> </div> </div>