[Fiware-api-cross] Thales Authorization Server API review

Antonio Tapiador del Dujo atapiador at dit.upm.es
Thu May 30 12:19:39 CEST 2013

Previous message: [Fiware-api-cross] Thales Authorization Server API review
Next message: [Fiware-api-cross] REMINDER: follow-up confcall on OAuth 2.0 and Access Control framework in FI-WARE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you for your clarifications Cyril. It is clear now.

I think the mechanism is ok, as long as PolicySets do not become too big.

Regards.

El 29/05/13 18:29, DANGERVILLE Cyril escribió:
> Hello,
> The element you upload via the PUT method on the PAP API is your root XACML<PolicySet>, which may include<Policy>s or<PolicySet>s again, like any<PolicySet>. If you want to delete<Policy>s in that root<PolicySet>  (or any other nested<PolicySet>), you upload a new version of the root<PolicySet>  without the<Policy>s in question. I know my answer sounds a bit dumb, so maybe you meant something smarter?
> You can have 0<Policy>/<PolicySet>  in your root<PolicySet>, an empty<PolicySet>  in other words, in which case the PDP will always return "NotApplicable" as XACML response (with the standard policy combining algorithms). Then it's up to the PEP to interpret that decision (permit/deny access?).
>
> FYI, there have been a few changes on the API since the publication of that Thales Authorization Server API document, especially the URLs. For more up-to-date info, please look at
> http://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Access_Control_-_User_and_Programmers_Guide
> or
> http://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Access_Control_GE.Authorization.Open_RESTful_API_Specification_%28PRELIMINARY%29
>
> I hope I cleared things up a little bit. Feel free to ask if not.
>
> Regards,
> CD
>
>> -----Message d'origine-----
>> De : fiware-api-cross-bounces at lists.fi-ware.eu [mailto:fiware-api-
>> cross-bounces at lists.fi-ware.eu] De la part de Antonio Tapiador del Dujo
>> Envoyé : mardi 28 mai 2013 10:48
>> À : fiware-api-cross at lists.fi-ware.eu
>> Objet : [Fiware-api-cross] Thales Authorization Server API review
>>
>> Dear all,
>>
>> I have reviewed the Thales Authorization Server API part that
>> corresponds to the policy management. This is section "2. Policy
>> Management Service API (PAP)"
>>
>> To the best of my knowledge, the API is suitable for policy manament in
>> the OIL portal. The only thing I am missing is policy deletion. How can
>> we delete policies in the Authorization Server?
>>
>> Kind regards.
>> _______________________________________________
>> Fiware-api-cross mailing list
>> Fiware-api-cross at lists.fi-ware.eu
>> https://lists.fi-ware.eu/listinfo/fiware-api-cross

Previous message: [Fiware-api-cross] Thales Authorization Server API review
Next message: [Fiware-api-cross] REMINDER: follow-up confcall on OAuth 2.0 and Access Control framework in FI-WARE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Fiware-api-cross mailing list

You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy