Deepali Singh

Reputation: 55

How to define a XACML Policy inside a XACML PolicySet

In the past week I have been trying to define a policy inside a policy set in WSO2 Identity Server version 4.5.0.

  1. I am able to create a policy set using the policy set editor of WSO2 Identity Server 4.5.0, and I am also able to add a policy to it, but the problem is in the XML format.

My generated policy set looks like this (sample policy set):

<PolicySet>
   <Target>
      ...
   </Target>
   <PolicyIdReference>simple1</PolicyIdReference>
</PolicySet> 

Issues

If we look at the <PolicyIdReference> tag, it's taking a reference to the policy "simple1". But my requirement is that, instead of taking only the reference name "simple1", it should substitute the complete policy here, as I have seen in some of the examples. Something like this:

<PolicySet>
   <Target>
   </Target>
   <PolicyIdReference>urn:oasis:names:tc:xacml:2.0:example:policyid:3</PolicyIdReference>
   <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:example:policyid:2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
      <Description>
   Policy for any medical record in the
   http://www.med.example.com/schemas/record.xsd namespace
  </Description>
      <Target/>
      <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:1" Effect="Permit"/>
      <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:2" Effect="Permit"/>
      <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:4" Effect="Deny"/>
   </Policy>
</PolicySet>

As we can see here, after the tag, it's adding the policy in the policy set.

So my question is: which version of WSO2 Identity Server creates such types of policy set, and which XACML schema version does it use?

Thanks and regards, Deepali Singh

Upvotes: 0

Views: 393

Answers (2)

David Brossard

Reputation: 13834

You can use the ALFA plugin for Eclipse as well as the Axiomatics Policy Administration Point to author fully-conformant XACML 3.0 policies and policies including the option to either reference policies / policy sets or embed them directly as you requested.

That said, it's probably a better practice to reference policies when it makes sense since it then makes policy lifecycle much simpler.

Upvotes: 0

Asela

Reputation: 5821

The WSO2 Identity Server policy set editor only allows you to define a policy set using policy ID references. Therefore, the selected policy would be added as a reference. If you need to add a complete policy inside the policy set, you can do it using the XML view editor. Basically, you can edit the created policy set using the XML view and add your policy into it. This would not affect the PDP runtime. Both options would work. It is just a limitation in creating a policy set from the editor UI. However, I guess this will be improved in the future to allow adding complete policies from the policy set editor UI.

Upvotes: 1
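
The manual XML edit discussed in the answers (swapping a <PolicyIdReference> for the full <Policy>) can be scripted. This is an added example, not part of the original posts and not WSO2 code. The function names, the policy_store mapping and the sample documents are assumptions constructed for illustration, using the XACML 3.0 namespace.

```python
import xml.etree.ElementTree as ET

XACML3_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
ET.register_namespace("", XACML3_NS)  # serialise with a default namespace

def local_name(elem):
    """Tag name without the '{namespace}' prefix ElementTree adds."""
    return elem.tag.rsplit("}", 1)[-1]

def _embed(policy_set, policy_store):
    for index, child in enumerate(list(policy_set)):
        kind = local_name(child)
        if kind == "PolicySet":  # descend into nested policy sets
            _embed(child, policy_store)
        if kind != "PolicyIdReference":
            continue
        policy_id = (child.text or "").strip()
        if policy_id not in policy_store:
            # Fail early rather than emit a policy set with a dangling reference.
            raise KeyError(f"unresolved PolicyIdReference: {policy_id}")
        policy = ET.fromstring(policy_store[policy_id])
        if local_name(policy) != "Policy" or policy.get("PolicyId") != policy_id:
            raise ValueError(f"stored document is not Policy {policy_id!r}")
        policy.tail = child.tail
        # Replace in place: child order matters to order-dependent combining
        # algorithms such as first-applicable.
        policy_set[index] = policy

def embed_referenced_policies(policy_set_xml, policy_store):
    """Return the policy set with every PolicyIdReference replaced by its Policy.

    policy_store (hypothetical) maps PolicyId -> policy XML, trusted admin input.
    Version-matching attributes on the reference are not evaluated.
    """
    root = ET.fromstring(policy_set_xml)
    if local_name(root) != "PolicySet":
        raise ValueError("root element is not a PolicySet")
    _embed(root, policy_store)
    return ET.tostring(root, encoding="unicode")

# Constructed sample input, modelled on the question's "simple1" reference.
SAMPLE_POLICY = (
    f'<Policy xmlns="{XACML3_NS}" PolicyId="simple1" Version="1.0" RuleCombiningAlgId='
    '"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">'
    '<Target/><Rule RuleId="rule1" Effect="Permit"/></Policy>')
SAMPLE_POLICY_SET = (
    f'<PolicySet xmlns="{XACML3_NS}" PolicySetId="sample-set" Version="1.0" PolicyCombiningAlgId='
    '"urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">'
    '<Target/><PolicyIdReference>simple1</PolicyIdReference></PolicySet>')
```

Calling embed_referenced_policies(SAMPLE_POLICY_SET, {"simple1": SAMPLE_POLICY}) returns the policy set with the policy inline at the position the reference occupied; a reference with no stored policy raises KeyError.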
