Attribute-based Authorization - ACL / POP
Overview
The WebSEAL authorization service makes decisions on requests to protected objects based on two types of policies:
Access control list (ACL) policies
Protected object policies (POP)
The purpose of a POP is to impose additional conditions on the operation permitted by the ACL policy. ISAM 9.0.7 introduced an additional attribute, trigger_attr_eas, which allows additional custom values to be set.
ssh -l admin <isam-domain.com>
isam admin
pdadmin> login
Enter User ID: sec_master
Enter Password: ********
pdadmin sec_master> pop create attrPop
pop modify attrPop set description "Used to restrict access to the API"
pop modify attrPop set attribute eas-trigger trigger_attr_eas
pop modify attrPop set attribute requires "role='READ-ACCESS'"
pop modify attrPop set attribute requires "auth-level=3"
pop attach /WebSEAL/api/session attrPop
Additional Information/Links
Here are some useful links you can check out for additional information.