Showing posts from June, 2011

OPA for HTTP Authorization

Open Policy Agent[1] is a promising, lightweight and very generic policy engine for governing authorization in any type of domain. I found this comparison[2] very useful in evaluating OPA for a project I am currently working on; it demonstrates how OPA can provide the same functionality defined in RBAC, RBAC with Separation of Duty, ABAC and XACML.
Here are the steps for a brief demonstration of OPA used for HTTP API authorization, based on the sample [3] and taking it a level further.
Running OPA Server

First we need to download OPA from [4], choosing the build for the operating system we are running on. For Linux:

curl -L -o opa

Make it executable:

chmod 755 ./opa

Once done, we can start the OPA policy engine as a server:

./opa run --server

Define Data and Rules

Next we need to load data and authorization rules into the server so it can make decisions. OPA defines these in files in the .rego format. Below is a sample …

A sample on calling WSO2 Identity Server functionalities through the API

This sample demonstrates how to authenticate a user and allow that user to access authorized resources (services) using the API of WSO2 Identity Server (WSO2IS). Put simply, it simulates a few functions of the server without its GUI.
After authentication, if the authenticated user has the role 'admin', they will have the privileges to add or remove XACML policies and to evaluate them against sample requests. The following steps are demonstrated.

Log into the server after authentication
Add a policy from the local machine
Read the enabled policy of the server
Remove a policy
Evaluate the enabled policy against a request

Start the Identity Server as explained in the user guide: extract the downloaded file, set the JAVA_HOME environment variable and run the .sh or .bat script according to your operating system. Open the downloaded project in your favorite IDE and add the WSO2IS plugins to the project dependencies. The plugins location will look like this at the end, …