2

I have a REST API made in Node.js, and now I'd like to implement some XACML policy. I have been searching and I found that I can use ALFA to make the XACML rules. But I need a PDP for applying the rules. What can I use / how can I implement it?

I have read about WSO2 Identity Server (which I think I can use as a PDP? I'm not sure). It is probably too much for a little project. Any other suggestions? Or is WSO2 IS adequate?

Manu Ruiz Ruiz

3 Answers

3

The go-to open source implementation of XACML 3.0 nowadays is AuthZForce. In OSS, it's the most up-to-date. In the commercial realm, look into Axiomatics (where I worked). They have the most up-to-date PDP and are the authors of the standard.

David Brossard
2

Yes, you can use WSO2 Identity Server as your PDP. Once I had a requirement to secure a Spring Boot REST API through XACML [1]. Anyway, it would be much easier for you to use the Identity Server PDP than implementing one. You have easy beginner samples that you can try out for your use case [2]. There are tools in the Identity Server that you can use to create the XACML rules.

[1] https://medium.com/@buddhimau/role-based-authorization-for-spring-boot-using-wso2-identity-server-3d74ab307fb9

[2] https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c

1

Adding to Buddhima Udaranga's reply, if you think IS is too much for a little project, then you can directly use Balana, which is the entitlement engine used inside IS. You can refer to this for more details. But Balana has only a Java API.

senthalan