Published by Joseph Carroll. Modified over 8 years ago.
1
Security Chapter – Architecture & Focus on Authorization PDP
Cyril Dangerville (TS), Chapter Architect, Authorization PDP GE owner
7 July 2016
2
Security Chapter’s Architecture Overview
3
Identity Management - Architecture
4
Authorization PDP - Architecture
5
PEP Proxy - Architecture
6
Authorization PDP Status
7
Sprint 5.1.1
Provided FILAB image for R4
  – Scripts for image creation (helping FILAB team to fix some issue with verification script)
Technical roadmap for R5 (~10 features planned)
Bug fixing
Answered 2 tickets in helpdesk
New security feature (recommended by XACML spec): enabling admins to control/limit the use of Policy References (prevent stack overflow / denial of service):
  – Policy1 -> Policy2 -> Policy3 ->...
8
Sprint 5.1.2 & 5.1.3
Finish updating the Academy course
New security feature: configuration parameter for admins to control/limit the use of Variable References in XACML Policies (prevent stack overflow / denial of service)
  – Variable v1 (expression) Variable v2 ...
New feature: policy versioning with support of Version in policy reference:
  – Policy P1 Policy P2,v0.1 (latest version used by default)
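The reference-depth limit described in Sprints 5.1.1 to 5.1.3, as an added example (not AuthzForce code): a check that walks PolicySetIdReference chains and rejects circular, unresolved or too-deep chains before evaluation. The names `check_ref_depth`, `admit` and `max_depth` are hypothetical, and the policy store is constructed sample data. The same bound applies to VariableReference chains, which this block does not cover.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  # XACML 3.0 core namespace
REF_TAG = "{%s}PolicySetIdReference" % NS

class PolicyRefError(Exception):
    """Circular, unresolved or too-deep policy reference chain."""

def make_policy_set(pid, refs):
    """Build a constructed, minimal (not schema-valid) PolicySet for the demo."""
    body = "".join("<PolicySetIdReference>%s</PolicySetIdReference>" % r for r in refs)
    return '<PolicySet xmlns="%s" PolicySetId="%s">%s</PolicySet>' % (NS, pid, body)

# Constructed policy store: P1 -> P2 -> P3, plus a self-referencing policy.
STORE = {pid: make_policy_set(pid, refs) for pid, refs in
         {"P1": ["P2"], "P2": ["P3"], "P3": [], "LOOP": ["LOOP"]}.items()}

def direct_refs(policy_xml):
    """IDs referenced directly by one PolicySet document.
    Input here is trusted sample data; parse untrusted XML with a hardened parser."""
    return [el.text.strip() for el in ET.fromstring(policy_xml).iter(REF_TAG)]

def check_ref_depth(policy_id, store, max_depth, chain=()):
    """Return the longest reference chain (counted in references) below policy_id.
    Every check runs before recursing, so recursion is bounded by max_depth,
    not by whatever the uploaded policies contain."""
    if policy_id in chain:
        raise PolicyRefError("circular reference: " + " -> ".join(chain + (policy_id,)))
    if len(chain) > max_depth:
        raise PolicyRefError("reference depth %d exceeds limit %d" % (len(chain), max_depth))
    if policy_id not in store:
        raise PolicyRefError("unresolved reference: " + policy_id)
    chain = chain + (policy_id,)
    deepest = len(chain) - 1
    for ref in direct_refs(store[policy_id]):
        deepest = max(deepest, check_ref_depth(ref, store, max_depth, chain))
    return deepest

def admit(policy_id, store, max_depth):
    """Policy-upload style decision: (accepted, reason)."""
    try:
        return True, "depth %d" % check_ref_depth(policy_id, store, max_depth)
    except PolicyRefError as exc:
        return False, str(exc)

if __name__ == "__main__":
    for pid, limit in [("P1", 2), ("P1", 1), ("LOOP", 5)]:
        print(pid, limit, admit(pid, STORE, limit))
```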
9
Sprint 5.2.1
Admin tool to migrate an existing Authzforce installation in 4.2.0 to later version (significant changes in conf and API) - Decided by Thales to make the life of admins easier and keep up with the new release updates
New security features:
  – Policy quota: New configuration parameter for admins to control max number of policies per domain
  – Policy versioning: new config parameter for admins to control max number of versions per policy
10
Sprint 5.2.2
New feature: Extended Indeterminate (type of PDP decision like Permit, Deny and NotApplicable)
Completed full XACML 3.0 Core compliance (mandatory features)
A few “optional” features remain in XACML Core spec but not used so far, e.g. XPath functions
11
Sprint 5.2.3
Applied changes to FIWARE developer guidelines
  – Fixed Docker image according to FIWARE guidelines (automated build, tags)
  – Github badges
  – Github webhook for mirroring to FIWARE repo
  – Readthedocs: FIWARE style
New feature: API enhancement:
  – FastInfoset support (standard binary XML, optimizing size and parsing/serializing)
New features: extension mechanisms for:
  – Pluggable XACML datatype
  – Pluggable XACML function
Demo done for the Sprint Meeting FIWARE Hackathon with StartupYard (Prague). Contact: Nikola Rafaj.
12
Sprint 5.3.1
Fixed issues reported by Quality Assurance:
  – Doc issues:
      Missing/wrong links (e.g. Docker, tutorial…)
      Missing API section in Open Spec wiki
      Some part of PAP API (attribute providers update) is not documented
      Instructions for installing Java dependency not valid in some cases
New features: extension mechanisms:
  – Pluggable XACML policy/rule combining algorithm
  – Pluggable XACML request filter (e.g. used for Multi Decision Profile)
13
Sprint 5.3.2
Fixed remaining issues reported by Quality Assurance
  – Software bugs:
      Policy still visible in PAP API after deleting last remaining version of the policy
  – Doc issues:
      Missing information on PAP API - Attribute providers management operation
New features: extension mechanisms for:
  – Pluggable XACML Result filter (for developers to customize processing of the XACML response)
Updated documentation on the new features
14
Sprint 5.3.3
Perf testing: implemented XACML dataset generator + Jmeter config for testing performances of Authzforce server or other AuthorizationPDP GE-compliant implementation if any
Joined open source community “OpenAz” around XACML tools and libraries, for potential contributions
15
Planned for 5.4.1
Publish Authzforce (GEri) to the official list of XACML implementations on OASIS XACML Technical Committee’s homepage
New Feature: REST Profile of XACML 3.0
PRIORITY: provide some support to FIWARE QA team (riccardo.zanetti@eng.it) for non-functional/performance testing (with the test dataset generator made in Sprint 5.3.3)
16
Planned for 5.4.2 & 5.4.3
New Feature: Pluggable Data Store, for storing policies, PDP configurations, etc. in custom data stores (currently limited to flat file database)
Deliverables:
  D1.7.2.b FIWARE GE Open Specifications
      80% done - TODO: add REST Profile of XACML 3.0 compliance in wiki API spec (sources)
  D1.7.3.b Software release R5
17
Current release in Github/Docker/catalogue: 5.3.0
TODO: after last feature implemented……
Github: tag new release
Docker: synchronized with Github (linked from catalogue, Docker Hub)
Manuals on ReadTheDocs (source): install guide, programmers guide
FILAB image R5: update install/verif scripts after final release done in Github
Update course on FIWARE academy
Catalogue: update version/doc/tutorials/download links
18
External contributions
OASIS XACML TC:
  Contributed tools for XACML (policy conversion)
  Reported issues in XACML 3.0 core spec
  Add Authzforce to OASIS XACML TC homepage, section “Available XACML implementations” - PENDING
OpenAz membership: Apache project (open source community) around XACML tools & libraries
OW2: https://authzforce.ow2.org : only for the PDP core engine, i.e. Java library (≠ FIWARE GEri, i.e. server with RESTful API)