Software Architecture and Decision-Making by Srinath Perera

Author: Srinath Perera
Language: eng
Format: epub
Publisher: Pearson Education (US)
Published: 2024-02-15T00:00:00+00:00


Let’s look first at attribute-based authorization, where authorization is defined as rules over the user’s attributes. For example, a bank’s rule may say that a user can create a regular account only if the user is older than 18 years. Often, an IDP issues tokens that assert those attributes, and the applications evaluate their rules against the token to authorize a request. Supporting a what-are-my-resources query is not straightforward in this model: the token asserts attributes, not resources, so the only way to answer it is to enumerate the candidate resources and evaluate the rules against each one.
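The following is an added example, not code from the book: a minimal attribute-based authorizer in Python that evaluates rules against claims asserted by an IDP token, and answers "what are my resources?" the only way ABAC allows, by enumerating candidates and re-running the rules. The rule shape, the claim names (`sub`, `birthdate`, `roles`) and the sample users and accounts are all constructed for the example; token signature and expiry checks are assumed to have already happened.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

# Claims are the attributes the IdP asserted in the user's token. Signature
# and expiry verification are assumed to have happened before this point.
Claims = dict


@dataclass(frozen=True)
class Resource:
    resource_id: str
    kind: str    # "account" in this example
    owner: str   # subject id of the owner


# A rule is a predicate over (claims, action, resource, today). This rule
# shape is invented for the example; XACML and OPA define their own formats.
Rule = Callable[[Claims, str, Optional[Resource], date], bool]


def age_on(birthdate: str, today: date) -> int:
    """Whole years between an ISO-8601 birthdate and `today`."""
    born = date.fromisoformat(birthdate)
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))


def create_regular_account(claims, action, resource, today) -> bool:
    # The bank rule from the text: a regular account needs an adult.
    # The ">= 18" cutoff is this example's reading of "older than 18".
    return (action == "create_account" and resource is None
            and age_on(claims["birthdate"], today) >= 18)


def view_own_account(claims, action, resource, today) -> bool:
    return (action == "view" and resource is not None
            and resource.kind == "account" and resource.owner == claims["sub"])


def auditor_views_any_account(claims, action, resource, today) -> bool:
    return (action == "view" and resource is not None
            and resource.kind == "account" and "auditor" in claims.get("roles", []))


RULES: list = [create_regular_account, view_own_account, auditor_views_any_account]


def is_authorized(claims, action, resource=None, today=None, rules=RULES) -> bool:
    """Permit if any rule grants the (claims, action, resource) triple."""
    today = today or date.today()
    return any(rule(claims, action, resource, today) for rule in rules)


def my_resources(claims, action, candidates, today=None, rules=RULES) -> list:
    """Answer 'what are my resources?' under ABAC. Nothing in the token lists
    resources, so the only option is to enumerate every candidate and re-run
    the rules; the cost grows with the size of the candidate set."""
    return [r.resource_id for r in candidates
            if is_authorized(claims, action, r, today, rules)]


# Constructed sample data (not from any real system).
TODAY = date(2024, 2, 15)
ALICE = {"sub": "alice", "birthdate": "2000-05-01", "roles": []}
BOB = {"sub": "bob", "birthdate": "2010-01-01", "roles": []}
AUDITOR = {"sub": "carol", "birthdate": "1980-01-01", "roles": ["auditor"]}
ACCOUNTS = [
    Resource("acc-1", "account", "alice"),
    Resource("acc-2", "account", "bob"),
    Resource("acc-3", "account", "alice"),
]

if __name__ == "__main__":
    print(is_authorized(ALICE, "create_account", today=TODAY))   # True (age 23)
    print(is_authorized(BOB, "create_account", today=TODAY))     # False (age 14)
    print(my_resources(ALICE, "view", ACCOUNTS, TODAY))          # ['acc-1', 'acc-3']
    print(my_resources(AUDITOR, "view", ACCOUNTS, TODAY))        # all three accounts
```

The `my_resources` function is where the cost of the model shows: a single authorization decision is cheap, but listing a user's resources requires a pass over every candidate, which is why a what-are-my-resources query needs either an index maintained alongside the policy or a different authorization model.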

Furthermore, it is possible to use a fully token-based approach, where we issue users tokens that describe what they are allowed to do, and the users present those tokens when they want to interact with the system. The primary advantage of this model is that it is decentralized: tokens issued by trusted IDPs can be accepted by many independent services without a central authorization service in the request path. However, a token-based approach poses several challenges.

In this approach, the user needs to store and manage those tokens, which is harder from the user’s perspective. The user might inadvertently (or maliciously) give those tokens to outsiders, and because a bearer token is the permission itself, whoever holds it can use it. Revoking permissions is also complicated: the permission lives in the token, so taking it back requires either short token lifetimes or a revocation check that every verifier consults, which reintroduces the shared state the model was meant to avoid. Finally, supporting a what-are-my-resources query is difficult, because the answer is spread across whatever tokens the user happens to hold.
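The following is an added example, not code from the book: a self-describing capability token in Python, issued as a signed payload listing the user's grants and verified by any service holding the issuer key. It shows the two failure modes the paragraph describes, a token that keeps working after the issuer wants it gone unless every verifier checks shared revocation state, and a tampered token that is rejected only because the tag covers the grants. The issuer key, the `jti` revocation set, the `grants` layout and the sample token are all constructed for the example; a real deployment would sign with an asymmetric key so verifiers cannot mint tokens.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed issuer key for the example. Symmetric HMAC means every verifier
# could also mint tokens; a real IdP would use an asymmetric signature.
ISSUER_KEY = b"example-issuer-secret-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _tag(body: str, key: bytes) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def issue(sub: str, grants: dict, ttl: int, now: int, jti: str, key: bytes = ISSUER_KEY) -> str:
    """Mint a token whose payload states what the holder may do.
    grants maps resource id -> list of permitted actions."""
    payload = {"sub": sub, "grants": grants, "exp": now + ttl, "jti": jti}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{body}.{_tag(body, key)}"


def verify(token: str, now: int, revoked: set, key: bytes = ISSUER_KEY) -> Optional[dict]:
    """Return the payload if the token is authentic, unexpired and not revoked,
    otherwise None. `revoked` is the shared state a verifier must consult to
    honour revocation; a verifier that passes an empty set keeps accepting
    tokens the issuer has withdrawn."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, tag = parts
    if not hmac.compare_digest(tag, _tag(body, key)):
        return None                      # tampered payload or forged tag
    payload = json.loads(_unb64(body))
    if payload["exp"] <= now:
        return None                      # expiry is the only revocation a stateless verifier gets
    if payload["jti"] in revoked:
        return None                      # explicit revocation needs shared state
    return payload


def allowed(token: str, resource: str, action: str, now: int, revoked: set) -> bool:
    """Authorization decision made purely from the presented token."""
    payload = verify(token, now, revoked)
    return bool(payload) and action in payload["grants"].get(resource, [])


def tamper(token: str, new_grants: dict) -> str:
    """Rewrite the grants while keeping the original tag (an attacker's attempt)."""
    body, tag = token.split(".")
    payload = json.loads(_unb64(body))
    payload["grants"] = new_grants
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{body}.{tag}"


# Constructed sample token: alice may view and transfer on acc-1 for 600s from t=1000.
TOKEN = issue("alice", {"acc-1": ["view", "transfer"]}, ttl=600, now=1000, jti="t1")

if __name__ == "__main__":
    print(allowed(TOKEN, "acc-1", "view", now=1100, revoked=set()))      # True
    print(allowed(TOKEN, "acc-2", "view", now=1100, revoked=set()))      # False, not granted
    print(allowed(TOKEN, "acc-1", "view", now=1600, revoked=set()))      # False, expired
    print(allowed(TOKEN, "acc-1", "view", now=1100, revoked={"t1"}))     # False, revoked
    print(allowed(TOKEN, "acc-1", "view", now=1100, revoked=set()))      # True: verifier unaware of revocation
    forged = tamper(TOKEN, {"acc-1": ["view"], "acc-2": ["view"]})
    print(verify(forged, now=1100, revoked=set()))                       # None, tag mismatch
```

The last two `print` calls are the point of the paragraph: the same token is rejected by a verifier that consults the revocation set and accepted by one that does not, so revocation in a decentralized token model is only as good as the propagation of that shared state, and short `exp` values are the fallback when propagation cannot be guaranteed.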

These more complex authorization models are typically implemented with XACML (eXtensible Access Control Markup Language) or Open Policy Agent (OPA), but you should seek help from a security architect before adopting them. Next, let’s focus on where to place the authorization logic.
