UNICORE XACML PDP v.2.0.0

Release Notes

What's new

  • The XACML entity code from UAS-core is now a separate module, part of the UNICORE Services Environment.
  • A new PDP implementation was added: a local XACML 2.0 PDP. It works similarly to the only PDP available in UNICORE so far, but supports the new XACML version and allows policies to be stored in multiple files in a configurable policy directory. This makes it easy to configure and deploy additional services added to the container.
  • A new remote XACML 2.0 PDP was implemented. It uses the XACML SAML profile to request authorization decisions. The Argus CE profile is implemented for encoding attributes.

Deployment notes

  • NONE - the component is not deployed on its own, only as a part of UNICORE WS.

Known issues

  • The current support for the Argus PDP works but is not useful for UNICORE, because the proprietary Argus policy language cannot express the default UNICORE policy (there is no resource owner concept implemented in Argus). Therefore this PDP implementation will become production-ready after the update of Argus. This module will also need to be slightly updated to use the (not yet known) Argus attribute names, which are being defined in the new EMI XACML profile.

List of RFCs

Documentation

  • Functional Description: please refer to the UNICORE/X documentation ("Authorization back-end (PDP) guide", "Guide to XACML security policies")
  • System Administrator Guide: please refer to the UNICORE/X documentation ("Authorization back-end (PDP) guide", "Guide to XACML security policies")
  • Service Configuration Template: available in the UNICORE/X and Registry distributions (files "xacml2.config" and "uas.config", and the directory "xacml2Policies")

Artefacts

-- MarcelinaBorcz - 04-May-2011

Topic revision: r2 - 2011-05-06 - unknown