I am searching for a solution so that the value of an attribute of a certain entity in the Orion Context Broker, which is secured with a Wilma PEP Proxy and Keyrock, can only be changed by a specific user (the one who created the entity).

The Context Broker contains multiple entities, for which I want to restrict the access depending on "entity-owner".

How could I proceed to achieve this?

Adrian Mole
gasp

1 Answer

Not sure about Wilma PEP, but with Steelskin PEP (and side components Keystone and Keypass) you can use multitenancy to secure the access to your entities, at two levels:

Thus, users in a given subservice (in a given service) would have access only to the entities belonging to such subservice (in the given service). Access to other subservices will be forbidden.

As a reference, you can use this link as an example to deploy and interact with the different components APIs based on KeyStone security stack.

fgalan
Thank you for your answer. I finally managed to achieve what I wanted using the basic authorization mode of the Keyrock IdM. – gasp Sep 29 '21 at 09:58