URL accessible at specific hours only XACML


I have a knotty problem (at least for me) to solve.

In a nutshell:

  1. A web server exposing a single URL (static page)
  2. the URL should only be accessible between 9 am and 5 pm (every day)
  3. the whole thing should be implemented through XACML

Questions

  • What do I actually need in order to accomplish my objective?
  • Is there any Oracle implementation of XACML which I should install? Is it by any chance free?
  • Could other XACML implementations be suitable? I'm referring to WSO2 Balana.
  • Which tools should I use?
  • How should I start?

Thanks a lot

Best answer

You'll need:

  • a PEP (policy enforcement point) to intercept the request to the server. In your case you are controlling access to a web server. If you're using a Java web server, e.g. Tomcat, you can implement a Servlet Filter PEP.
  • a PDP (policy decision point) to receive the request from the PEP and return a decision (either Permit or Deny). Oracle used to have a PDP solution called Oracle Entitlements Server (OES), but it was discontinued. Nowadays you have several options:
    • Balana, an open-source XACML engine
    • AuthZForce, the latest and possibly most complete open-source XACML 3.0 PDP
    • Axiomatics, a commercial solution that provides you with a turnkey PDP, PEP, and policy authoring (aka PAP)
  • a PAP (policy administration / authoring point): you need to write your policy. I typically use ALFA, which is an easy-to-read shorthand notation for XACML.

In your case, the policy would look like the following:

// ALFA shorthand; the ALFA plugin compiles this into XACML 3.0 XML.
// current_time is assumed to be declared as an attribute bound to the standard
// XACML environment attribute urn:oasis:names:tc:xacml:1.0:environment:current-time.
policy allowOfficeHours{
    apply firstApplicable
    rule allowOfficeHours{
        target clause current_time>"09:00:00":time and current_time<"17:00:00":time
        permit
    }
    // Outside 09:00-17:00 no rule matches and the PDP returns NotApplicable
    // rather than Deny, so the PEP must refuse anything other than Permit.
}

Plan of action

Start

  1. Start by downloading the PDP of your choice. If you need free, then go to AuthZForce. You can ask and tag questions about it here. Their main architect / dev is active here.
  2. Then download the ALFA plugin for Eclipse to start writing some policies.
  3. Finally, use AuthZForce's PEP SDK to write your own PEP. Look at Java servlet filters as an easy means to write a PEP. Check out this post and that one for tips.
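To make the PEP/PDP exchange in the answer concrete, here is an added example (my own code, not part of the original answer and not the API of Balana, AuthZForce or any other product). It spells out what the ALFA policy above compiles to in XACML 3.0 XML, builds the request a servlet-filter PEP would send with the environment current-time attribute, and evaluates that request against the policy with a toy PDP that implements only the two XACML time functions the policy needs. The attribute ids, category and function URNs are the standard XACML 3.0 ones; the resource id "/index.html", the sample times and the simplified request/response handling are assumptions for illustration. The point a practitioner should take from it is the boundary behaviour: at 09:00:00 and at 17:00:00 exactly the rule does not match (the ALFA uses strict > and <), the PDP answers NotApplicable rather than Deny, and a missing current-time attribute yields Indeterminate, so the PEP has to be deny-biased.

```python
"""Added example, not code from the original answer. A toy PDP for the
office-hours policy plus a deny-biased PEP decision; real deployments use
Balana/AuthZForce, this only shows the XACML exchange and its edge cases."""
import datetime as dt
import xml.etree.ElementTree as ET
from typing import Optional

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
CURRENT_TIME = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
TIME = "http://www.w3.org/2001/XMLSchema#time"

# XACML 3.0 equivalent of the answer's ALFA policy. Inside a <Match> the literal
# is the function's FIRST argument, so time-less-than(09:00:00, current-time)
# means "current-time > 09:00:00" (a classic source of inverted policies).
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="allowOfficeHours" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:first-applicable">
  <Target/>
  <Rule RuleId="allowOfficeHours" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:time-less-than">
        <AttributeValue DataType="{TIME}">09:00:00</AttributeValue>
        <AttributeDesignator Category="{ENV}" AttributeId="{CURRENT_TIME}" DataType="{TIME}" MustBePresent="true"/>
      </Match>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than">
        <AttributeValue DataType="{TIME}">17:00:00</AttributeValue>
        <AttributeDesignator Category="{ENV}" AttributeId="{CURRENT_TIME}" DataType="{TIME}" MustBePresent="true"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>"""

# The only two XACML functions this toy PDP implements.
FUNCTIONS = {
    "urn:oasis:names:tc:xacml:1.0:function:time-less-than": lambda a, b: a < b,
    "urn:oasis:names:tc:xacml:1.0:function:time-greater-than": lambda a, b: a > b,
}


def build_request(now: Optional[str], resource: str = "/index.html") -> str:
    """PEP side: the XACML request. The PEP supplies current-time itself (in the
    time zone agreed with the PDP). now=None simulates a PEP that omits it."""
    env = "" if now is None else f"""
  <Attributes Category="{ENV}">
    <Attribute AttributeId="{CURRENT_TIME}" IncludeInResult="false">
      <AttributeValue DataType="{TIME}">{now}</AttributeValue>
    </Attribute>
  </Attributes>"""
    return f"""<Request xmlns="{XACML}" ReturnPolicyIdList="false" CombinedDecision="false">{env}
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">{resource}</AttributeValue>
    </Attribute>
  </Attributes>
</Request>"""


def _match(match: ET.Element, bag: dict) -> bool:
    fn = FUNCTIONS[match.get("MatchId")]
    literal = dt.time.fromisoformat(match.find("x:AttributeValue", NS).text)
    des = match.find("x:AttributeDesignator", NS)
    values = bag.get((des.get("Category"), des.get("AttributeId")), [])
    if not values and des.get("MustBePresent") == "true":
        raise LookupError(des.get("AttributeId"))  # surfaces as Indeterminate
    return any(fn(literal, dt.time.fromisoformat(v)) for v in values)


def _target(target: Optional[ET.Element], bag: dict) -> bool:
    if target is None or len(target) == 0:  # empty Target matches everything
        return True
    # Target = AND over AnyOf; AnyOf = OR over AllOf; AllOf = AND over Match.
    return all(any(all(_match(m, bag) for m in allof.findall("x:Match", NS))
                   for allof in anyof.findall("x:AllOf", NS))
               for anyof in target.findall("x:AnyOf", NS))


def evaluate(policy_xml: str, request_xml: str) -> str:
    """PDP side: first-applicable over the rules; NotApplicable if none matches."""
    policy, request = ET.fromstring(policy_xml), ET.fromstring(request_xml)
    bag: dict = {}  # (category, attribute-id) -> list of values
    for attrs in request.findall("x:Attributes", NS):
        for attr in attrs.findall("x:Attribute", NS):
            key = (attrs.get("Category"), attr.get("AttributeId"))
            bag.setdefault(key, []).extend(v.text for v in attr.findall("x:AttributeValue", NS))
    try:
        if not _target(policy.find("x:Target", NS), bag):
            return "NotApplicable"
        for rule in policy.findall("x:Rule", NS):
            if _target(rule.find("x:Target", NS), bag):
                return rule.get("Effect")
        return "NotApplicable"
    except LookupError:
        return "Indeterminate"


def check_access(now: Optional[str]) -> tuple:
    """Deny-biased PEP: only an explicit Permit opens the URL. NotApplicable
    (outside 09:00-17:00) and Indeterminate (missing attribute) both refuse."""
    decision = evaluate(POLICY_XML, build_request(now))
    return decision, decision == "Permit"


if __name__ == "__main__":
    for t in ("08:59:59", "09:00:00", "09:00:01", "12:00:00", "17:00:00", None):
        print(t, check_access(t))
```

Running the block prints one line per sample time; the two boundary times and the missing-attribute case all end in a refusal even though the PDP never says Deny, which is exactly why the servlet filter must map everything except Permit to HTTP 403. If inclusive 09:00:00 access is wanted, the ALFA (and the XML) need the -or-equal variants of the time functions.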