SlideShare a Scribd company logo

Access control patterns

WSO2, profile picture
WSO2

This document discusses access control patterns and practices using WSO2 middleware. It provides an overview of the speaker's background and experience. It then covers topics such as discretionary vs mandatory access control, authorization tables vs access control lists vs capabilities, XACML as the standard for policy-based access control, and examples of implementing access control in WSO2 products using XACML, SAML, and other technologies.

BusinessTechnology
1 of 26
Downloaded 93 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Access  Control  Pa.erns  &  Prac0ces   with     WSO2  Middleware     Prabath  Siriwardena      
About  Me   •  Director  of  Security  Architecture  at  WSO2   •  Leads  WSO2  Iden8ty  Server  –  an  open  source  iden8ty  and   en8tlement  management  product.   •  Apache  Axis2/Rampart  commiCer  /  PMC   •  A  member  of  OASIS  Iden8ty  Metasystem  Interoperability   (IMI)  TC,  OASIS  eXtensible  Access  Control  Markup  Language   (XACML)  TC  and  OASIS  Security  Services  (SAML)  TC.   •  TwiCer  :  @prabath   •  Email  :  prabath@apache.org   •  Blog  :  hCp://blog.facilelogin.com   •  LinkedIn  :  hCp://www.linkedin.com/in/prabathsiriwardena    
     Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
    With the Discretionary Access Control, the user can be the owner of the data and at his discretion can transfer the rights to another user.
    With Mandatory Access Control, only designated users are allowed to grant rights and, users cannot transfer them.
    All WSO2 Carbon based products are based on Mandatory Access Control.
    Group is a collection of Users - while a Role is a collection of permissions.
    Authorization Table vs. Access Control Lists vs. Capabilities
    Authorization Table is a three column table with subject, action and resource.
With Access Control Lists, each resource is associated with a list, indicating, for each   subject, the actions that the subject can exercise on the resource.  
With Capabilities, each subject has an associated list, called capability list, indicating,   for each resource, the accesses that the user is allowed to exercise on the resource.  
    Access Control List is resource driven while capabilities are subject driven.
    With policy based access control we can have authorization policies with a fine granularity.
    Capabilities and Access Control Lists can be dynamically derived from policies.
    XACML is the de facto standard for policy based access control.
    XACML provides a reference architecture, a request response protocol and a policy language.
XACML  Reference  Architecture   Policy  Administra0on   Point  (PAP)   Policy  Decision  Point   (PDP)   Policy  Store   Policy  Enforcement  Point   (PEP)   Policy  Informa0on  Point   (PIP)  
WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (STS)   WSO2  Applica0on  Server   (SOAP  Service)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0ons  (Capabili0es)   SAML  token  request   Client  Applica0on   SAML  token  with   Authen0ca0on     and     Authoriza0on  Asser0on   +   Service  Request  
WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (SAML2  IdP)   WSO2  Applica0on  Server   (Web  Applica0on)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0on  (Capabili0es)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
Role  Based  Access  Control   WSO2  Applica0on  Server   (SOAP  Service)   Client  Applica0on   Service  Request  +  Creden0als   WSO2  ESB   (Policy  Enforcement   Point)   RBAC  
WSO2  ESB  as  the  XACML  PEP  (SOAP  and  REST)   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   WSO2  Applica0on  Server   (SOAP  Service)   XACML  Request   WSO2  ESB   (Policy  Enforcement   Point)   Client  Applica0on   Service  Request  +  Creden0als  
XACML  PEP  as  a  Servlet  Filter   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   XACML  Request   XACML    Servlet  Filter   Client  Applica0on   WSO2  Applica0on  Server   Service  Request  +  Creden0als  
OAuth  +  XACML   WSO2  Iden0ty  Server   (OAuth   Authoriza0on  Server)   XACML     Request   Validate()   XACML  Response   WSO2  Iden0ty  Server   (XACML  PDP)   API  Gateway   Access   Token   Client  Applica0on  
Authoriza0on  with  External  IdPs  (Role  Mapping)   WSO2  Iden0ty  Server   IdP   Groups   External  SAML2  IdP   (Salesforce)   SAML  token  with  Authen0ca0on     and  A.ribute  Asser0ons  with  IdP  groups   Web  App     roles   WSO2  Applica0on  Server   (Web  Applica0on)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
      Liferay  Portal                             XACML  Mul0ple  Decisions  and     Applica0on  Specific  Roles   XACML  Request   WSO2  Iden0ty  Server   (XAML  PDP)   XACML  Response   Login  
lean  .  enterprise  .  middleware  

More Related Content

PDF
SHACL Overview
Irene Polikoff
 
PPTX
RDF Data Model
Jose Emilio Labra Gayo
 
PPTX
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
PDF
Html 5 -_aula_1
Pedro Neto
 
PPTX
Integrity Constraints
Megha yadav
 
PPTX
Xml ppt
seemadav1
 
PDF
Introduction to RDF & SPARQL
Open Data Support
 
PPTX
RDF data model
Jose Emilio Labra Gayo
 
SHACL Overview
Irene Polikoff
 
RDF Data Model
Jose Emilio Labra Gayo
 
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
Html 5 -_aula_1
Pedro Neto
 
Integrity Constraints
Megha yadav
 
Xml ppt
seemadav1
 
Introduction to RDF & SPARQL
Open Data Support
 
RDF data model
Jose Emilio Labra Gayo
 

What's hot (20)

PPTX
XML Introduction
Bikash chhetri
 
PPTX
Dapper
Suresh Loganatha
 
PPT
Oracle archi ppt
Hitesh Kumar Markam
 
PPTX
Javascript validating form
Jesus Obenita Jr.
 
PDF
Programação Web - CSS
Mauro Pereira
 
PDF
Data Base Management System.pdf
TENZING LHADON
 
PPTX
RDF validation tutorial
Jose Emilio Labra Gayo
 
PPTX
Xml presentation
Miguel Angel Teheran Garcia
 
PPTX
The OAuth 2.0 Authorization Framework
Samuele Cozzi
 
PPTX
Sql Basics And Advanced
rainynovember12
 
PPT
Data in RDF
Emanuele Della Valle
 
PPT
Database security
CAS
 
PPT
SQL Tutorial - Basic Commands
1keydata
 
PDF
Introduction of EC-CUBE 4.0
Tao Sasaki
 
PDF
Matching Identity Management Solutions to Self-Sovereign Identity Principles
Tommy Koens
 
PPTX
Security of the database
Pratik Tamgadge
 
PPTX
Introduction to Oracle Database
puja_dhar
 
PPTX
Introduction to database & sql
zahid6
 
PDF
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
SSIMeetup
 
PPT
07 data linkcontrol
chameli devi group of institutions
 
XML Introduction
Bikash chhetri
 
Dapper
Suresh Loganatha
 
Oracle archi ppt
Hitesh Kumar Markam
 
Javascript validating form
Jesus Obenita Jr.
 
Programação Web - CSS
Mauro Pereira
 
Data Base Management System.pdf
TENZING LHADON
 
RDF validation tutorial
Jose Emilio Labra Gayo
 
Xml presentation
Miguel Angel Teheran Garcia
 
The OAuth 2.0 Authorization Framework
Samuele Cozzi
 
Sql Basics And Advanced
rainynovember12
 
Data in RDF
Emanuele Della Valle
 
Database security
CAS
 
SQL Tutorial - Basic Commands
1keydata
 
Introduction of EC-CUBE 4.0
Tao Sasaki
 
Matching Identity Management Solutions to Self-Sovereign Identity Principles
Tommy Koens
 
Security of the database
Pratik Tamgadge
 
Introduction to Oracle Database
puja_dhar
 
Introduction to database & sql
zahid6
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
SSIMeetup
 
07 data linkcontrol
chameli devi group of institutions
 
Ad

Viewers also liked (12)

PDF
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2
 
PPTX
Introducing the WSO2 Platform
WSO2
 
PDF
Introduction to the WSO2 Carbon Platform
WSO2
 
PDF
The Role of Governance in Connecting Businesses
WSO2
 
PDF
The WSO2 Advantage for a Connected Business
WSO2
 
PDF
Introduction to the Connected Business
WSO2
 
PDF
Data Entitlement with WSO2 Enterprise Middleware Platform
WSO2
 
PDF
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
WSO2
 
PDF
WSO2 Year End Tech Update 2012
WSO2
 
PDF
Understanding the WSO2 Platform and Technology
WSO2
 
PDF
WSO2 Year End Tech Update Webinar
WSO2
 
PPTX
Understanding the WSO2 Platform
WSO2
 
WSO2Con EU 2016: Rethinking Message Brokering with WSO2 Message Broker
WSO2
 
Introducing the WSO2 Platform
WSO2
 
Introduction to the WSO2 Carbon Platform
WSO2
 
The Role of Governance in Connecting Businesses
WSO2
 
The WSO2 Advantage for a Connected Business
WSO2
 
Introduction to the Connected Business
WSO2
 
Data Entitlement with WSO2 Enterprise Middleware Platform
WSO2
 
Consumer to Data: Next-Generation Middleware and Cloud Platform for your Ente...
WSO2
 
WSO2 Year End Tech Update 2012
WSO2
 
Understanding the WSO2 Platform and Technology
WSO2
 
WSO2 Year End Tech Update Webinar
WSO2
 
Understanding the WSO2 Platform
WSO2
 
Ad

Similar to Access control patterns (20)

PDF
Uncovering XACML to solve real world business use cases
WSO2
 
PPTX
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
PDF
Addressing Security Concerns with WSO2 Governance Registry Policy Store
WSO2
 
PDF
The WSO2 Identity Server - An answer to your common XACML dilemmas
sureshattanayake
 
PDF
The WSO2 Identity Server - An answer to your common XACML dilemmas
sureshattanayake
 
PDF
The WSO2 Identity Server - An answer to your common XACML dilemmas
WSO2
 
PDF
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
PDF
WSO2 Identity Server - Product Overview
WSO2
 
PDF
End-to-End Identity Management
WSO2
 
PDF
SOA Pattern : Policy Centralization
WSO2
 
PPTX
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
 
PDF
Identity and Entitlement Management Concepts
WSO2
 
PPTX
Authorization - it's not just about who you are
David Brossard
 
PDF
Axiomatics webinar 13 june 2013 shared
Finn Frisch
 
PPT
Verification and change impact analysis of access-control policies
bdemchak
 
PDF
Dev Dives: Master advanced authentication and performance in Productivity Act...
UiPathCommunity
 
PPTX
WSO2Con USA 2014 - Identity Server Tutorial
Prabath Siriwardena
 
PPTX
Authorization Pattern.pptx power point s
Coderkids
 
PPTX
XACML - XML Amsterdam2011
Ray Sinnema
 
PDF
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
Profesia Srl, Lynx Group
 
Uncovering XACML to solve real world business use cases
WSO2
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
Addressing Security Concerns with WSO2 Governance Registry Policy Store
WSO2
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
sureshattanayake
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
sureshattanayake
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
WSO2
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
WSO2 Identity Server - Product Overview
WSO2
 
End-to-End Identity Management
WSO2
 
SOA Pattern : Policy Centralization
WSO2
 
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
 
Identity and Entitlement Management Concepts
WSO2
 
Authorization - it's not just about who you are
David Brossard
 
Axiomatics webinar 13 june 2013 shared
Finn Frisch
 
Verification and change impact analysis of access-control policies
bdemchak
 
Dev Dives: Master advanced authentication and performance in Productivity Act...
UiPathCommunity
 
WSO2Con USA 2014 - Identity Server Tutorial
Prabath Siriwardena
 
Authorization Pattern.pptx power point s
Coderkids
 
XACML - XML Amsterdam2011
Ray Sinnema
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
Profesia Srl, Lynx Group
 

More from WSO2 (20)

PDF
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
WSO2
 
PDF
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
WSO2
 
PDF
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
WSO2
 
PDF
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
WSO2
 
PDF
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
WSO2
 
PDF
Platformless Modernization with Choreo.pdf
WSO2
 
PDF
Application Modernization with Choreo for the BFSI Sector
WSO2
 
PDF
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
WSO2
 
PDF
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
WSO2
 
PPTX
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2
 
PPTX
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
 
PPTX
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
PPTX
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
WSO2
 
PPTX
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
WSO2
 
PPTX
WSO2Con 2025 - Architecting Cloud-Native Applications
WSO2
 
PDF
Mastering Intelligent Digital Experiences with Platformless Modernization
WSO2
 
PDF
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
PDF
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
WSO2
 
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
WSO2
 
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
WSO2
 
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
WSO2
 
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
WSO2
 
Platformless Modernization with Choreo.pdf
WSO2
 
Application Modernization with Choreo for the BFSI Sector
WSO2
 
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
WSO2
 
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
WSO2
 
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2
 
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
 
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
WSO2
 
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
WSO2
 
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
WSO2
 
WSO2Con 2025 - Architecting Cloud-Native Applications
WSO2
 
Mastering Intelligent Digital Experiences with Platformless Modernization
WSO2
 
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 

Recently uploaded (20)

PPT
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 
PPTX
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
PDF
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
PDF
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
PDF
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PPTX
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 
PDF
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
PPTX
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
PDF
Roadmap Map-digital Banking feature MB,IB,AB
Alemayehu
 
PDF
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
PPTX
Amazon (Business Studies) management studies
AbhirupVerma
 
PPTX
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
PPTX
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
kaniece
 
PPTX
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
PDF
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
PDF
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
PDF
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
PDF
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
Roadmap Map-digital Banking feature MB,IB,AB
Alemayehu
 
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
Amazon (Business Studies) management studies
AbhirupVerma
 
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
kaniece
 
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 

Access control patterns

  • 1. Access  Control  Pa.erns  &  Prac0ces   with     WSO2  Middleware     Prabath  Siriwardena      
  • 2. About  Me   •  Director  of  Security  Architecture  at  WSO2   •  Leads  WSO2  Iden8ty  Server  –  an  open  source  iden8ty  and   en8tlement  management  product.   •  Apache  Axis2/Rampart  commiCer  /  PMC   •  A  member  of  OASIS  Iden8ty  Metasystem  Interoperability   (IMI)  TC,  OASIS  eXtensible  Access  Control  Markup  Language   (XACML)  TC  and  OASIS  Security  Services  (SAML)  TC.   •  TwiCer  :  @prabath   •  Email  :  prabath@apache.org   •  Blog  :  hCp://blog.facilelogin.com   •  LinkedIn  :  hCp://www.linkedin.com/in/prabathsiriwardena    
  • 3.      Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
  • 4.     With the Discretionary Access Control, the user can be the owner of the data and at his discretion can transfer the rights to another user.
  • 5.     With Mandatory Access Control, only designated users are allowed to grant rights and, users cannot transfer them.
  • 6.     All WSO2 Carbon based products are based on Mandatory Access Control.
  • 7.     Group is a collection of Users - while a Role is a collection of permissions.
  • 8.     Authorization Table vs. Access Control Lists vs. Capabilities
  • 9.     Authorization Table is a three column table with subject, action and resource.
  • 10. With Access Control Lists, each resource is associated with a list, indicating, for each   subject, the actions that the subject can exercise on the resource.  
  • 11. With Capabilities, each subject has an associated list, called capability list, indicating,   for each resource, the accesses that the user is allowed to exercise on the resource.  
  • 12.     Access Control List is resource driven while capabilities are subject driven.
  • 13.     With policy based access control we can have authorization policies with a fine granularity.
  • 14.     Capabilities and Access Control Lists can be dynamically derived from policies.
  • 15.     XACML is the de facto standard for policy based access control.
  • 16.     XACML provides a reference architecture, a request response protocol and a policy language.
  • 17. XACML  Reference  Architecture   Policy  Administra0on   Point  (PAP)   Policy  Decision  Point   (PDP)   Policy  Store   Policy  Enforcement  Point   (PEP)   Policy  Informa0on  Point   (PIP)  
  • 18. WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (STS)   WSO2  Applica0on  Server   (SOAP  Service)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0ons  (Capabili0es)   SAML  token  request   Client  Applica0on   SAML  token  with   Authen0ca0on     and     Authoriza0on  Asser0on   +   Service  Request  
  • 19. WSO2  Iden0ty  Server   (XACML  PDP)   XACML     Request   XACML  with  Capabili0es  (WS-­‐Trust)     Hierarchical  Resource  Profile     XACML  Response   WSO2  Iden0ty  Server   (SAML2  IdP)   WSO2  Applica0on  Server   (Web  Applica0on)   SAML  token  with  Authen0ca0on     and     Authoriza0on  Asser0on  (Capabili0es)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
  • 20. Role  Based  Access  Control   WSO2  Applica0on  Server   (SOAP  Service)   Client  Applica0on   Service  Request  +  Creden0als   WSO2  ESB   (Policy  Enforcement   Point)   RBAC  
  • 21. WSO2  ESB  as  the  XACML  PEP  (SOAP  and  REST)   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   WSO2  Applica0on  Server   (SOAP  Service)   XACML  Request   WSO2  ESB   (Policy  Enforcement   Point)   Client  Applica0on   Service  Request  +  Creden0als  
  • 22. XACML  PEP  as  a  Servlet  Filter   WSO2  Iden0ty  Server   (XACML  PDP)   XACML  Response   XACML  Request   XACML    Servlet  Filter   Client  Applica0on   WSO2  Applica0on  Server   Service  Request  +  Creden0als  
  • 23. OAuth  +  XACML   WSO2  Iden0ty  Server   (OAuth   Authoriza0on  Server)   XACML     Request   Validate()   XACML  Response   WSO2  Iden0ty  Server   (XACML  PDP)   API  Gateway   Access   Token   Client  Applica0on  
  • 24. Authoriza0on  with  External  IdPs  (Role  Mapping)   WSO2  Iden0ty  Server   IdP   Groups   External  SAML2  IdP   (Salesforce)   SAML  token  with  Authen0ca0on     and  A.ribute  Asser0ons  with  IdP  groups   Web  App     roles   WSO2  Applica0on  Server   (Web  Applica0on)   Browser  Redirect  with  SAML  Request   Unauthen0cated  Request  
  • 25.       Liferay  Portal                             XACML  Mul0ple  Decisions  and     Applica0on  Specific  Roles   XACML  Request   WSO2  Iden0ty  Server   (XAML  PDP)   XACML  Response   Login  
  • 26. lean  .  enterprise  .  middleware