[Backlogmanager] [FIWARE-JIRA] (HELP-20008) [fiware-stackoverflow] FIWARE Orion-LD access control rules by entity type

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Fri Sep 2 08:38:00 CEST 2022


     [ https://jira.fiware.org/browse/HELP-20008?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-20008:
----------------------------------
    Status: Answered  (was: In Progress)

> [fiware-stackoverflow] FIWARE Orion-LD access control rules by entity type
> --------------------------------------------------------------------------
>
>                 Key: HELP-20008
>                 URL: https://jira.fiware.org/browse/HELP-20008
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Jason Fox
>              Labels: authzforce, fiware, fiware-keyrock, fiware-orion
>
> Created question in FIWARE Q/A platform on 29-08-2022 at 22:08
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/73535332/fiware-orion-ld-access-control-rules-by-entity-type
> +Question:+
> FIWARE Orion-LD access control rules by entity type
> +Description:+
> Is it possible to configure access-control rules for Orion-LD based on the entity type? Or, alternatively, on the presence of some attributes in the entities?
> A similar question was asked here:
> Get a list of all resources accessible to users in FIWARE. The answer seems to imply that in the so-called Advanced Authorization scenario it is possible to achieve something like this by means of XACML filters for broker endpoints, allowing for instance GET access to the endpoint /entities?type=SomeEntityType for certain users. However, this appears like a very brittle solution, since the type query parameter may be preceded by other params in a real-world request. Furthermore, there are other ways to filter resources returned by the /entities endpoint, e.g. by means of parameters q or attrs (according to the NGSI-LD spec, https://www.etsi.org/deliver/etsi_gs/CIM/001_099/009/01.06.01_60/gs_CIM009v010601p.pdf, see 6.4.3.2), hence separate rules would be needed for all of these and it seems impossible to keep them consistent. Ideally, I would also like GET requests to /entities/{entityId} to be evaluated against the type of the entity, without configuring this individually for every entity.
> Am I missing a simple solution to this problem?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
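
The brittleness described in the quoted question, as an added example that is not part of the original message or of any FIWARE component: a rule matched against the raw URL compared with a default-deny decision taken on the parsed query parameters. The function names, the ALLOWED_TYPES table, the user name and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical policy table: user -> entity types the user may read.
ALLOWED_TYPES = {"alice": {"SomeEntityType"}}


def raw_prefix_rule(user, method, url):
    """Rule matched against the raw URL, the approach the question calls brittle."""
    return (method == "GET" and user in ALLOWED_TYPES
            and any(url.startswith(f"/entities?type={t}") for t in ALLOWED_TYPES[user]))


def parsed_rule(user, method, url):
    """Decide on parsed parameters; deny by default when the type is not pinned."""
    if method != "GET":
        return False
    parts = urlsplit(url)
    if parts.path != "/entities":
        return False  # /entities/{entityId} would need a lookup of the stored type
    params = parse_qs(parts.query, keep_blank_values=True)
    types = params.get("type", [])
    # Exactly one type parameter naming exactly one permitted type; q and attrs
    # may narrow the result further but never replace the type constraint.
    if len(types) != 1:
        return False
    return types[0] in ALLOWED_TYPES.get(user, set())


# Constructed sample requests (not taken from the page).
SAMPLES = [
    "/entities?type=SomeEntityType",
    "/entities?limit=10&type=SomeEntityType",    # type preceded by another parameter
    "/entities?type=SomeEntityTypeSecret",       # different type sharing the prefix
    "/entities?q=temperature>20",                # filter without any type
    "/entities?type=SomeEntityType&type=Other",  # repeated parameter
]


def compare(user="alice"):
    """Return (url, raw decision, parsed decision) for every sample request."""
    return [(u, raw_prefix_rule(user, "GET", u), parsed_rule(user, "GET", u)) for u in SAMPLES]


if __name__ == "__main__":
    for url, raw, parsed in compare():
        print(f"{url:45} raw={raw!s:5} parsed={parsed}")
```

The parsed check still cannot decide GET requests to /entities/{entityId}; those need the stored entity's type, which this sketch does not look up.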

