WS-Security

When you write a complex mashup with WSO2 Mashup Server which aggregate several external web services, you will definitely need to communicate with secured web services. It is very easy with WSO2 Mashup Server as it does this with service composition. In this article, we will discuss how WSO2 Mashup Server allows you to invoke services secured with advanced security scenarios.

We learned lot of theory about XACML policies in Part 1. In this section we will define a sample XACML policy using the concepts we learned in Part 1. In addition to that, this article describes how you can test and validate policies using “WSO2 Identity Server”.

Dealing with XML is sometimes very tedious. In the last section of this article, we will discuss how you can use XACML “simple UI ” to define XACML policies.

XACML is the widely used authorization mechanisms for web services. XACML provides fine grained authorization. In which one can define authorization based on very finer details. This finer information is stated in the policy as attributes. XACML also defines set of functions, which can be used in authorization logic evaluation. Due to detailed behavior, some believe XACML policies are esoteric and complicated. In this article I will elaborate XACML policies and will give you an idea as how XACML policy evaluation is taking place.

XACML, shortened for extensible access control markup language, provides a flexible, fine-grained and scalable way of achieving policy-based access control. WSO2 carbon product platform provides a fine-grained access management solution with Policy Based Access Control (PBAC) based on XACML.

This article walks you through a sample scenario on how to build up a solution to control access to a RESTful service with XACML using WSO2 product stack.

Cloud computing has gained tremendous popularity among business owners and service providers in the enterprise software markets. Among the cloud’s numerous advantages and benefits are also considerable challenges, most of which are related to security, data privacy and trust. This article investigates some of the most common security concerns of the cloud today.

Security is one of the key aspects of any software system. Authentication and Authorization are basic security requirement of any software system. In an SOA environment which most of the time is realized using web services, Username Token and HTTP basic authentication can be used to authenticate the users. Then XCMAL policy based authorization provides centralized authorization. Therefore this article describes such a SOA system written using WSO2 Enterprise Service Bus (ESB), further protecting the back end services using mutual authentication.

All products of WSO2 platform uses the Apache Rampart to provide security for Web Services. As a result, all features of Apache Rampart are inherited by the WSO2 products. Crypto objects are used to store properties that required to perform signature/encryption. Crypto objects have information such as as crypto provider, keystore and its password. Until now, Crypto objects were initialized on per call basis.

Synapse changed it default namespace from "http://ws.apache.org/ns/synapse" to "http://synapse.apache.org/ns/2010/04/configuration" with its version 2.0 release. So when you are going to create a synapse artifact you need to decide which namespace you are going to use and how to specify it. This short KB tell you how to get it done in easy steps.