Enabling Role-Based Access Control Using XACML

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Enabling Role-Based Access Control Using XACML

Chathurika De Silva
Hi

While trying to get a fine grained access control implemented for apis using WSO2 Identity server, I came across [1] which provides a high level guide to get it done, then going forward I referred [2] which discusses $subject.

In [1] it mentions using WSO2 IS set up as the key manager for WSO2 API Manager, whereas in [2] the first step describes only on setting up a common user store between the two products.

As [3] indicates, setting up WSO2 IS as the key manager contains some additional configurations. So in order to get fine grain access control implemented, will just setting up a common user store be sufficient or does the IS as the key manager setup as mentioned in [1] is required?


Thanks
Erandi



--
Chathurika Erandi
Senior Software Engineer, 
WSO2 Inc.


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Role-Based Access Control Using XACML

Pubudu Gunatilaka-2
Hi Chathurika,

If you are using IS for Key validation, then you need to follow [3] as well. Otherwise, I guess you don't need to configure.

Thank you!

On Thu, Dec 7, 2017 at 12:31 PM, Chathurika De Silva <[hidden email]> wrote:
Hi

While trying to get a fine grained access control implemented for apis using WSO2 Identity server, I came across [1] which provides a high level guide to get it done, then going forward I referred [2] which discusses $subject.

In [1] it mentions using WSO2 IS set up as the key manager for WSO2 API Manager, whereas in [2] the first step describes only on setting up a common user store between the two products.

As [3] indicates, setting up WSO2 IS as the key manager contains some additional configurations. So in order to get fine grain access control implemented, will just setting up a common user store be sufficient or does the IS as the key manager setup as mentioned in [1] is required?


Thanks
Erandi



--
Chathurika Erandi
Senior Software Engineer, 
WSO2 Inc.




--
Pubudu Gunatilaka
Committer and PMC Member - Apache Stratos
Senior Software Engineer 
WSO2, Inc.: http://wso2.com
mobile : <a href="tel:%2B94772207163" value="+94772207163" style="font-size:x-small;color:rgb(17,85,204)" target="_blank">+94774078049


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev