Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Security
-
HD-Enabler:AuthZForce
Description
Hello,
We have recently noticed that the enabler Access Control is no longer listed in the catalogue.
http://catalogue.fiware.org/enablers/access-control-tha-implementation <http://catalogue.fiware.org/enablers/access-control-tha-implementation>
Is this component being eliminated from Fiware?
We ask only because we have planned to use it in the development of our projects.
Best regards
_______________________________________________
Fiware-tech-help mailing list
Fiware-tech-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-tech-help
[Created via e-mail received from: Ayman Moghnieh <aymanmoghnieh@gmail.com>]
Activity
The name “Access Control GE” has been renamed/replaced with “Authorization PDP”, for several reasons. In terms of architecture, the former Access Control GEi consisted of two components in FIWARE phase 1: PEP (Policy Enforcement Point/Proxy in terms of XACML) and PDP (Policy Decision Point). Both were Thales proprietary. Now, in FIWARE Phase 2/FICORE, it is required from all GE reference implementations to be released as open source. Thales has accepted to release an open source implementation, but only the PDP part, not the PEP. Instead, the PEP part will be provided by UPM as a new GE (PEP Proxy) which should be available in the catalogue at some point (you can ask UPM for more details). This is basically an evolution of the PEP Proxy (integrated with their IdM Keyrock) they have already provided in FIWARE to enforce authentication for your applications as a reverse proxy. The name “Authorization PDP” makes the distinction with the new “PEP proxy” clear, whereas “Access Control” may cause confusion.
The other confusion caused by “Access Control” GE is with the Identity Management GE. “Access Control” is too generic and used to mislead people to think the Access Control GE also provides authentication mechanisms for your application, or that it includes the IdM.
Now, with the name “Authorization PDP”, we hope to prevent any confusion on what the GE provides.
“AuthZForce” is the name of the reference implementation. It used to be “THA implementation”/”Thales implementation” which was not very convenient.
Hello,
Indeed, as Davide said, the name “Access Control GE” has been renamed/replaced with “Authorization PDP”, for several reasons. In terms of architecture, the former Access Control GEi consisted of two components in FIWARE phase 1: PEP (Policy Enforcement Point/Proxy in terms of XACML) and PDP (Policy Decision Point). Both were Thales proprietary. Now, in FIWARE Phase 2/FICORE, it is required from all GE reference implementations to be released as open source. Thales has accepted to release an open source implementation, but only the PDP part, not the PEP. Instead, the PEP part will be provided by UPM as a new GE (PEP Proxy) which should be available in the catalogue at some point (you can ask UPM for more details). This is basically an evolution of the PEP Proxy (integrated with their IdM Keyrock) they have already provided in FIWARE to enforce authentication for your applications as a reverse proxy. The name “Authorization PDP” makes the distinction with the new “PEP proxy” clear, whereas “Access Control” may cause confusion.
The other confusion caused by “Access Control” GE is with the Identity Management GE. “Access Control” is too generic and used to mislead people to think the Access Control GE also provides authentication mechanisms for your application, or that it includes the IdM.
Now, with the name “Authorization PDP”, we hope to prevent any confusion on what the GE provides.
“AuthZForce” is the name of the reference implementation. It used to be “THA implementation”/”Thales implementation” which was not very convenient.
Regards,
Cyril
–
Cyril DANGERVILLE, Thales Services
FIWARE Phase II / WP1.7 Security (WPA), T1.7.2 Identity & Access Management (Contributor), Authorization PDP (ex-Access Control) GE Owner
De : Davide Dalle Carbonare davide.dallecarbonare@eng.it
Envoyé : jeudi 8 janvier 2015 15:10
À : Ayman Moghnieh
Cc : fiware-tech-help@lists.fi-ware.org; DANGERVILLE Cyril
Objet : Re: [Fiware-tech-help] Access Control no longer in catalogue?
Dear Ayman,
the "Access Control" reference implementation has been replaced by the "Authorization PDP - AuthZForce" available at:
http://catalogue.fi-ware.org/enablers/authorization-pdp-authzforce
Cyril, in cc, can give you more information on this update.
Kind Regards,
Davide Dalle Carbonare
2015-01-08 14:17 GMT+01:00 Ayman Moghnieh <aymanmoghnieh@gmail.com<aymanmoghnieh@gmail.com>>:
Hello,
We have recently noticed that the enabler Access Control is no longer listed in the catalogue.
http://catalogue.fiware.org/enablers/access-control-tha-implementation
Is this component being eliminated from Fiware?
We ask only because we have planned to use it in the development of our projects.
Best regards
Thanks Cyril, Davide,
That’s clear, we will take a closer look and update our development plan accordingly.
Regards
_______________________________________________
Fiware-tech-help mailing list
Fiware-tech-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-tech-help
Dear Ayman,
the "Access Control" reference implementation has been replaced by the
"Authorization PDP - AuthZForce" available at:
http://catalogue.fi-ware.org/enablers/authorization-pdp-authzforce
Cyril, in cc, can give you more information on this update.
Kind Regards,
Davide Dalle Carbonare
_______________________________________________
Fiware-tech-help mailing list
Fiware-tech-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-tech-help