1) By "implement that functionality", you mean "modify/extend the code of KeyRock", don't you? 2) Regarding the second point, do you already know how the mapping from IdM to XACML attributes (in the XACML request) will be configured in the next release of the PEP proxy? Thank you. Regards, Cyril De : Álvaro Alonso [mailto:aalonsog at dit.upm.es] Envoyé : mardi 17 février 2015 14:33 À : Tran Quang Thanh Cc : DANGERVILLE Cyril; fiware-tech-help at lists.fi-ware.org Objet : Re: [Fiware-tech-help] IdM GE - Adding new attributes (e.g. application-specific) Hi Tran, no, the new release doesn't include that functionality. What I mean is that if you are going to use your own instance (not the official one deployed in FILAB), it is so easy for you to implement that functionality. Anyway we will keep you informed if there are future plans to work on that direction. BR -- Álvaro El 17 Feb 2015, a las 13:53, Tran Quang Thanh <thanh.quang.tran at fokus.fraunhofer.de<mailto:thanh.quang.tran at fokus.fraunhofer.de>> escribió: Dear Cyril, Alonso, Thank you very much for your information. If I got correctly, upcoming (modified) OpenStack Keystone will provide such functionality and replace KeyRock IdM at FIWARE Lab. Will it be another FIWARE IdM GEri ? Also please give some hints about my first consideration in the last email: With new architecture, to be sure such attributes can still be extract from token (if the IdM support) but how the PEP Proxy decide which attributes to include in the XACML request (do we need to include all user attributes in the request ?) and when the request contains such domain-specific attributes, how the PDP understand such attributes in order to validate the request without communicate with IdM ? Bests, Tran On 16.02.2015 15:48, Álvaro Alonso wrote: With new architecture, to be sure such attributes can still be extract from token (if the IdM support) but how the PEP Proxy decide which attributes to include in the XACML request (do we need to include all user attributes in the request ?) and when the request contains such domain-specific attributes, how the PDP understand such attributes in order to validate the request without communicate with IdM ? -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-tech-help/attachments/20150217/51ee60b8/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy