authorization - XACML policies are not sync with AuthZForce after creation in IdM -


im trying extend wilma pep proxy ge support level 3 of security: xacml authorization.

i implemented necessary modifications in pep proxy, in order support level of authorization, i'm having problems provisioning xacml permissions through idm interface, based on openstack horizon fork. far know, xacml policy created @ idm database not created @ corresponding authzforce domain. in fact, after xacml permision creation test, level 2 permision associated same application not syncronized authzforce.

after little of research, thing got more complex. far can see, each domain in authzforce has policyset root. in particular policyset has mapped user roles (application roles except provider , purchaser) xacml associated permissions. in fact level 2 of security (basic authorization) supported through xacml policies.

so questions are:

1) why did not xacml policy sync authzforce?. may issue in idm?

2) how should xacml level 3 permissions looks, if combined xacml policies associated level 2 permissions of other roles in application, before published in corresponding authzforce domain?

suggestions?

i using following versions of each ge:

  • idm ge: v5.4.0
  • authzforce ge: release 5.4.1
  • pep proxy wilma: 5.4


Comments

Post a Comment

Popular posts from this blog

javascript - Create a stacked percentage column -

i have collection of data : var data = [ {"p301a":"10","p301b":"7","p301c":"7","p301d":"3","p301e":"8","p301f":"8","p301g":"8","p301h":"8","p301i":"8","p301j":"8","p301k":"8","p301l":"8","p301m":"8","p301n":"8","p301o":"8","age":"31-40 years","profesion":"2","position":"2"}, {"p301a":"5","p301b":"4","p301c":"4","p301d":"4","p301e":"4","p301f":"4","p301g":"4","p301h":"4","p301i":"4","p301j":"4","p301k":"4...
Read more

Optimising Firebase database by automatically overwriting data -

in firebase app have following structure: posts latest all users can write posts > latest . want limit entries 20 posts save space in database. , posts beyond 20 unnecessary never shown on homepage. how can limit posts 20, when user writes posts > latest posts @ end drop off (be deleted) automatically? this sample should you. you need : const max_log_count = 20; exports.removeold = functions.database.ref('/posts/latest/{postid}').oncreate(event => { const parentref = event.data.ref.parent; return parentref.once('value').then(snapshot => { if (snapshot.numchildren() >= max_log_count) { let childcount = 0; const updates = {}; snapshot.foreach(function(child) { if (++childcount <= snapshot.numchildren() - max_log_count) { updates[child.key] = null; } }); // update parent. removes children. ...
Read more

javascript - Angular UI-Grid customTemplate directive causing rows to load slowly/? -

Image
each grid cell can have more 1 customtemplate loaded. have directive holds watcher on model_col_field listen cell updates on scroll when dom rows updated , recompile celltemplate . without watcher , $compile rows repeat on scroll, showing same set of rows. is there more angular way of approaching or way improve performance? relevant controller code: create gridoptions.data & gridoptions.columndefs : var customtemp = '<div ng-repeat="opt in grid.appscope.colvalueoptionsmodel" ng-init="tempstring=model_col_field.clazz+opt.key;"><comparison-directive dbo="model_col_field" attobj="opt" fff="grid.appscope.getattributetemplate(tempstring)" /></div>'; $scope.gridoptions.columndefs = [ { name:'yindex',pinnedleft:true,celltemplate: customtemp, displayname:'index'}, { name:'col1',celltemplate: customtemp}, { name:'col2',celltemplate: c...
Read more