Posts

Showing posts from June, 2011

Authorization for a Multi-Cloud System

This is a project design I am currently working on to consume SPIFFE (Secure Production Identity Framework For Everyone) bootstrapped trust and identification to provide authorization in a dynamically scaling, heterogeneous system, inspired by Mr. Prabath Siriwardena from WSO2 and under the supervision of Prof. Gihan Dias from University of Moratuwa. An enterprise system running across multiple clouds, as in the hybrid cloud, is an obvious example that will benefit from this. The objective is to open doors for SPIFFE-standard-based systems to co-exist with the rest of the systems with minimal effort, without compromising on security aspects, while having an authorization solution based on SPIFFE.
What is SPIFFE? In brief, it is a trust bootstrapping and identification framework, submitted as a standard and accepted by CNCF (Cloud Native Computing Foundation)[1]. As of now, this standard has two main implementations, SPIRE and Istio[2], a platform that supports service mesh archit…

A sample on calling WSO2 Identity Server functionalities through the API

This sample demonstrates how to authenticate a user and allow that user to access authorized resources (services), using the API of WSO2 Identity Server (WSO2IS). Simply put, it simulates a few functions of the server without its GUI.
Scenario:
After authentication, a user who has the role of 'admin' will have privileges to add or remove XACML policies and evaluate them against sample requests. The following steps are demonstrated.

1. Log into the server after authentication
2. Add a policy from the local machine
3. Read the enabled policy of the server
4. Remove a policy
5. Evaluate the enabled policy against a request

Start the Identity Server as explained in the user guide. This only requires extracting the downloaded file, setting up the JAVA_HOME environment variable, and running the .sh or .bat script according to your operating system.

Open the downloaded project in your favorite IDE and add the plugins of WSO2IS to the project dependencies. The plugins location will look like this at the end, …