Posts

Showing posts from December, 2017

OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

Identity Mediation for PSD2

Partners, mergers, legal entities, government entities, customers all need to work together in this era, while honoring the boundaries they should work within. This is with link to my previous post on challenges of future IAM requirements arising with increased interchangeability requirements between diversified parties.
Challenges of Future IAM (concerned with Mergers , Acquisitions, Startups) -http://pushpalankajaya.blogspot.com/2017/07/challenges-of-future-iam-concerned-with.htmlFuture of Identity and Access Management (IAM)- http://pushpalankajaya.blogspot.com/2017/07/future-of-identity-and-access.html This need is much more emphasized with the new regulations such as PSD2 in EU region that is putting foundation for Open Banking. While these standards define guidance for implementation interfaces,  End user authentication and authorizationThird party authentication and authorizationIdentity mgt of internal staff,  has hidden needs of identity mediation. Federated authentication i…

Building a Fool Proof Security Strategy for PSD2 Compliance

Following are the slides I used in a webinar by WSO2 to look at the IAM and overall security aspects of a fully PSD2 Complaint Solution. While it lists down the basic requirements to be PSD2 complaint, it also explains the requirements that are not visible out in the surface, but very valuable in building a comprehensive and robust solution that will have a long term vision while being PSD2 complaint as per the urgent need.

Building a Fool Proof Security Strategy for PSD2 Compliance from WSO2 Inc.

The webinar recording is available at 
https://wso2.com/library/webinars/2017/11/building-a-fool-proof-security-strategy-for-psd2-compliance/