I plan to implement NAC integration with the XACML language, and I know OASIS supports this as the "XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0". My question is: is there a way to use this new XACML language in WSO2 Identity Server? If not, what could be a solution for NAC integration with XACML in WSO2 Identity Server?

ebozdag

1 Answer

No, WSO2 has not attested to the XACML DLP/NAC profile. The profile was written by Boeing, Axiomatics, and Oracle. I would check their implementations.

The implementation needs to support the following datatypes and functions:

  • urn:oasis:names:tc:xacml:3.0:data-type:ipAddress-value
  • urn:oasis:names:tc:xacml:3.0:data-type:ipAddress-pattern
  • urn:oasis:names:tc:xacml:3.0:function:ipAddress-match
  • urn:oasis:names:tc:xacml:3.0:function:ipAddress-endpoint-match
  • urn:oasis:names:tc:xacml:3.0:function:ipAddress-value-equal
  • urn:oasis:names:tc:xacml:3.0:function:ipAddress-network-match
  • urn:oasis:names:tc:xacml:3.0:data-type:dnsName-value
  • urn:oasis:names:tc:xacml:3.0:data-type:dnsName-pattern
  • urn:oasis:names:tc:xacml:3.0:function:dnsName-match
  • urn:oasis:names:tc:xacml:3.0:function:dnsName-endpoint-match
  • urn:oasis:names:tc:xacml:3.0:function:dnsName-value-equal

The Axiomatics implementation can be extended to support these (disclaimer: I work for Axiomatics and I am one of the coauthors of the profile).

David Brossard