[jboss-dev-forums] [Design of JBoss Identity] - Re: SAML Assertions (JBossESB)
jkurtz.wa@gmail.com
do-not-reply at jboss.com
Wed Nov 5 18:36:04 EST 2008
Anil
The integration point for a JBoss ESB Service could be an action class or Spring Listener class. This class could be the Policy Enforcement Point (PEP) for either authentication or authorization. The PEP would then call out to some mechanism, pluggable of course, to perform the analysis.
>>For authentication the PEP would need the SAML Assertion or some other identity token
>>For authorization using XACML the PEP needs the Subject (role), Resource and Action (optional Environment)
The SAML Assertion (or other identification token) can be placed in the message header for both the ESB and the web service. Metadata for authorization could be placed there too.
I am looking into some open source identity managers and service providers.
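The PEP arrangement described in the post above, sketched as an added example that is not part of the original post and is not JBoss ESB or JBoss Identity code. All type names, the `identity-token` header name and the sample token, role and service values are assumptions, and a plain `Map` stands in for the message header.

```java
import java.util.Map;
import java.util.Optional;
// Added illustration. Every type and name below is hypothetical, not a JBoss API.
public class PepSketch {
    /** Pluggable authentication: checks the identity token, yields the subject's role. */
    interface TokenValidator { Optional<String> validate(String token); }
    /** Pluggable authorization, e.g. a XACML PDP behind this interface. */
    interface DecisionPoint { boolean permit(AccessRequest request); }
    /** Subject (role), Resource, Action and optional Environment, as listed in the post. */
    record AccessRequest(String role, String resource, String action, Map<String, String> env) {}

    /** What an ESB action class or listener would delegate to before running the service. */
    static final class PolicyEnforcementPoint {
        static final String TOKEN_HEADER = "identity-token"; // assumed header name
        private final TokenValidator validator;
        private final DecisionPoint pdp;
        PolicyEnforcementPoint(TokenValidator validator, DecisionPoint pdp) {
            this.validator = validator;
            this.pdp = pdp;
        }

        /** Fails closed: missing token, rejected token and plug-in errors all deny. */
        boolean allow(Map<String, String> header, String resource, String action) {
            String token = header.get(TOKEN_HEADER);
            if (token == null || token.isBlank()) return false;
            try {
                Optional<String> role = validator.validate(token);
                return role.isPresent()
                        && pdp.permit(new AccessRequest(role.get(), resource, action, Map.of()));
            } catch (RuntimeException e) {
                return false; // an unavailable or faulty plug-in must not open the service
            }
        }
    }

    public static void main(String[] args) {
        // Constructed stand-ins. A real validator would verify the SAML assertion's
        // signature, issuer, audience and validity window before trusting any role in it.
        TokenValidator validator =
                t -> t.equals("constructed-token") ? Optional.of("clerk") : Optional.empty();
        DecisionPoint pdp = r -> r.role().equals("clerk")
                && r.resource().equals("OrderService") && r.action().equals("submit");
        PolicyEnforcementPoint pep = new PolicyEnforcementPoint(validator, pdp);
        Map<String, String> header = Map.of("identity-token", "constructed-token");
        System.out.println("submit:   " + pep.allow(header, "OrderService", "submit"));
        System.out.println("cancel:   " + pep.allow(header, "OrderService", "cancel"));
        System.out.println("no token: " + pep.allow(Map.of(), "OrderService", "submit"));
    }
}
```

The role handed to the decision point comes only from the validated token, never from a separate header field the caller could set.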