Timestamp:
18/08/10 10:06:33 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • first working e2e test with PEP calling a SAML Authorisation service configured with PIP to make callouts to an Attribute Authority to pull user attributes. This meets the ESG requirements. Next steps:
    • integrate with ndg.security.test.integration.authz_lite browser based integration tests
    • optimise by adding caching of authz decisions to PEP and possibly caching attribute assertions in the PEP.
File:
1 edited

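--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/policy.xml
@@ -107,5 +107,5 @@
             <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
                 <SubjectAttributeDesignator
-                    AttributeId="urn:ndg:security:authz:1.0:attr"
+                    AttributeId="urn:siteA:security:authz:1.0:attr"
                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
                 <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
@@ -133,9 +133,9 @@
             <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
                 <SubjectAttributeDesignator
-                    AttributeId="urn:ndg:security:authz:1.0:attr"
+                    AttributeId="urn:siteA:security:authz:1.0:attr"
                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
                 <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
-                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">staff</AttributeValue>
-                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:siteA:security:authz:1.0:attr:staff</AttributeValue>
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:siteA:security:authz:1.0:attr:postdoc</AttributeValue>
                 </Apply>
             </Apply>
@@ -163,7 +163,7 @@
                     <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                         <SubjectAttributeDesignator
-                            AttributeId="urn:ndg:security:authz:1.0:attr"
+                            AttributeId="urn:siteA:security:authz:1.0:attr"
                             DataType="http://www.w3.org/2001/XMLSchema#string"/>
-                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:siteA:security:authz:1.0:attr:admin</AttributeValue>
                     </SubjectMatch>
                 </Subject>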
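Review bot: The role bag at new lines 138-139 is not a straight rename: `administrator` is replaced by `urn:siteA:security:authz:1.0:attr:postdoc`, so that condition now admits staff or postdoc subjects, while the admin value `urn:siteA:security:authz:1.0:attr:admin` appears only in the `SubjectMatch` at line 167. If the condition is meant to keep admitting administrators, the bag needs a third entry, `<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:siteA:security:authz:1.0:attr:admin</AttributeValue>`; if the narrowing is deliberate, an XML comment above that `<Apply>` naming the roles it grants would make the access change visible to the next reader. None of the three `SubjectAttributeDesignator` elements carries an `Issuer`, so as far as these hunks show the policy accepts the `urn:siteA:...` attribute from whichever authority the PIP queries; pinning the issuer is worth considering once the Attribute Authority is fixed. The enclosing rules and their effects start and end outside the hunks, so the net effect on permit/deny decisions cannot be confirmed from here.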