[jboss-dev-forums] [PicketBox Development] - Make JBossPDP an interface to allow easier insertion of custom PDP.

Brian Krisler do-not-reply at jboss.com
Tue Aug 31 18:09:03 EDT 2010


Brian Krisler [http://community.jboss.org/people/bkrisler] replied to the discussion

"Make JBossPDP an interface to allow easier insertion of custom PDP."

To view the discussion, visit: http://community.jboss.org/message/559902#559902

--------------------------------------------------------------
I too am against reinventing the wheel and that is one of the reasons we selected Picketbox/Picketlink as a
starting point for our research. When we started, we reviewed all of the existing SAML/XACML
solutions in the open source and found that Picketbox/Picketlink put us close to our goal with minimal modification.

As far as why I need to create a custom PDP, there are two reasons (if I missed something
that would allow these features in the existing implementation, a pointer would be great!):

1) We need to support attribute-based authorization. The current implementation appears to be
    role-based authorization.

2) We need to support remote Attribute Authorities. From what I can determine, this would require
     modification of the PDP to allow for configuration of a known/trusted attribute authority that
     is not self-contained.

Another requirement I have not started to investigate, however I think should be supported in the existing
PDP is the integration of a custom rule combining algorithm.

At the moment, the custom PolicyRegistration approach is the route I took. This has allowed me
to extend and modify the existing PDP to meet my requirements. It is possible that what I am doing
is very specific and not worth modification of the existing implementation.

Hope this helps some in clarifying my intent.

Brian

--------------------------------------------------------------
