[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: openaz: xacml oauth demo policy model - as discussed @ 5/11 tc mtg
As mentioned in yesterday's minutes:https://lists.oasis-open.org/archives/xacml/201705/msg00002.htmlOp The OpenAz project demonstrated how to implement a baseline OAuth Authorization ServerRich: The OpenAZ demo on the TC site does a good job of demonstrating how OAuth can be implemented in conjunction with XACML. Bill: I think it would be worthwhile to see if we can find a way to bump this up. I think we were ahead of the curve here. using XACML policies. Basically, there were 3 endpoints, each of which would trigger activation of distinct PolicySet for requests that went to: /authorizeThe policies were written in a pre-ALFA pseudo-policy language, which would then be parsed and translated into standard XACML. The pseudo language (called "xacml shorthand" )is easier to follow than the pure xacml, but links to both follow for reference: pseudo-language for basic OAuth AzSvr:So, basically, a quick reading of the .txt file above shows comments on the 3 main policysets: /authorize endpoint: comment lines 53->56 for PS 10-2Feel free to ask any questions. The main web-site contains all the directions for downloading, building, running, etc. (RB 1.2 was the last version before it was moved to apache incubator) https://sourceforge.net/p/openaz/code/HEAD/tree/branches/RB-1.2/ Thanks, Rich |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]