[Fiware-finish-coaching] FW: [FInish-Technology] Help on issue HELP-6964

Peter Einramhof einramhof at atb-bremen.de
Mon Sep 19 16:31:56 CEST 2016


Dear Ilknur, dear FInish FIWARE coach(es),

one of the FInish teams has an issue with securing Orion using AuthZForce (see the two parts marked in green below).
In short they want to prevent DELETE calls to Orion by implementing permissions/rules.

I’m not sure whether using AuthZForce is the correct approach anyway, since only Wilma is mentioned in the Orion documentation:
http://fiware-orion.readthedocs.io/en/develop/user/security/

Do you have any advice?

Kind regards,
Peter on behalf of FInish.



***FROM ONE OF THE PREVIOUS EMAILS***
We are really struggling to secure the ContextBroker to prevent DELETE
calls. So much that this has become an impediment to successfully finish
our sprint.


From: Simon Vos [mailto:s.vos at itude.com]
Sent: Monday, 19 September 2016 15:23
To: Peter Einramhof <einramhof at atb-bremen.de>
Cc: FInish-Technology at FInish-Project.eu
Subject: Re: [FInish-Technology] Help on issue HELP-6964

Dear Peter,

We have also sent an email to FIWARE JIRA (Alvaro Alonso is involved here).
Indeed, we are trying to use HORIZON/IDM to implement http verb-rules to secure the contextbroker by allowing specific calls to the contextbroker.
Creating the rules still fails.
We have not yet tried to implement this by adding an extra PEP-Proxy.

Summary until now:

- We installed the AuthZForce service on our IDM instance
- We tried to create HTTP verb rules (permission) in IDM.
- In IDM we see that the permission has been successfully created
- Linking a role to this permission has succeeded as well.
- However this permission is not visible in AuthZForce when doing a call using a request tool
- In the IDM log we saw a message stating “…failed to create policy in AuthZForce…”.

Hope you will be able to help us further quickly.
If you need more information, please reply.


Kind regards,

Simon Vos


Arthur van Schendelstraat 650
3511 MJ Utrecht
■ mob +31(0) 6 21 49 93 82
■ tel reception +31(0)30 699 70 20
■ mail s.vos at itude.com
■ linkedIn linkedin.com/in/simonvos


www.itude.com ■ K.v.K. 30146090
_____________________________________________________________________________
***A disclaimer applies to this email. Its content can be read on our website***

On 19 Sep 2016, at 09:41, Peter Einramhof <einramhof at atb-bremen.de> wrote:

Dear Simon,

before relaying this issue to our FIWARE coach, I’d like to clarify one point.
It seems that you tried using AuthZForce together with Orion.

Have you also tried the PEP Proxy Wilma, which seemingly is the reference for securing Orion?
http://fiware-orion.readthedocs.io/en/develop/user/security/
http://catalogue.fiware.org/enablers/publishsubscribe-context-broker-orion-context-broker/documentation

Best regards,
Peter.



From: Simon Vos [mailto:s.vos at itude.com]
Sent: Friday, 16 September 2016 18:32
To: Peter Einramhof <einramhof at atb-bremen.de>
Subject: Re: [FInish-Technology] Help on issue HELP-6964

Dear Peter,

Thank you for the quick reply on our emergency call. Indeed I should name the software as FIWARE.
All information on this issue is in the email(s).
In July we started to contact the Support Desk. At this moment, two months later, we have no progress on this issue.
Since security is critical for our developed product with FI-WARE, the solution for our issue is well appreciated.
For two months we have had an email exchange. Probably a dedicated specialist by telephone or online tool will help in a more effective way.
Therefore your help is mostly wanted here.

Our goal:
We are really struggling to secure the ContextBroker to prevent DELETE
calls. So much that this has become an impediment to successfully finish
our sprint.

Hope you will be able to assign a coach on this issue.

Kind Regards, Simon Vos

