Topic outline

  • Authorization PDP GE & AuthzForce GEri

    The Authorization PDP Generic Enabler provides two main features:

    • Authorization policy decision evaluation: This is the main feature of this GE as a PDP. Indeed, PDP stands for Policy Decision Point and its main feature consists to evaluate authorization decisions based on XACML policies and attributes related to a given access request (e.g. requester’s identity, requested resource, requested action), following the policy evaluation logic defined in the XACML standard. This feature is provided to external clients through a REST API that we call the PDP API, where PDP is short for the term Policy Decision Point defined by the XACML standard.
    • Authorization policy administration: creation, retrieval, update and removal of XACML policies. This feature is provided to external clients through a REST API that we call the PAP API, where PAP is short for the term Policy Administration Point defined by the XACML standard. This feature is necessary to support the previous feature. Indeed, it allows policy administrators (such as application developers potentially) to configure the XACML policies to be evaluated by the GE when calling the PDP API.

    XACML is a OASIS standard for access control policy language and access decision request-response protocol.

    AuthzForce is the reference implementation of the Authorization PDP Generic Enabler (formerly called Access Control GE). Indeed, as mandated by the GE specification, this implementation provides an API to get authorization decisions based on authorization policies, and authorization requests from PEPs. The API follows the REST architecture style, and complies with XACML v3.0.

    In this course, you will be introduced to the Authorization PDP GE specification in R5 (current version: 5.2) and you will learn how to use its GEri AuthzForce (version 5.4.x).

    Link to the FIWARE catalogue: http://catalogue.fiware.org/enablers/authorization-pdp-authzforce

  • Lesson 1. Introduction to Authorization PDP GE and AuthzForce GEri

    This lesson is an introduction to the Authorization PDP Generic Enabler, AuthzForce (GEri) and an overview of how this course is structured.

  • Lesson 2. Introduction to the API of Authorization PDP GE

    In this lesson, you will learn how to use the common API (Application Programming Interface) of Authorization PDP Generic Enabler implementations, as defined in FIWARE Open Specification, including the reference implementation AuthzForce.

    Requirement:

    • Attend lesson 1
  • Lesson 3. Introduction to AuthzForce

    In this lesson, you will learn about AuthzForce - the Authorization PDP GEri:

    • Features, including extra API enhancements (not in the GE specification);
    • How to install;
    • How to administer;
    • How to use and program with AuthzForce API.

    Requirement:

    • Attend lesson 2.