Introduction

The WSO2 Identity Server is an open source identity and entitlement management server with support for eXtensible Access Control Markup Language (XACML). This server can be leveraged by iWay Service Manager (iSM) to authenticate users and authorize access. For more information about the XACML specification, refer to the following website:

http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html

The WSO2 realm can validate users against a user store in WSO2 Identity Server. The list of roles is accessible in the principal returned by the realm.

The following iSM components can be used together to check whether access to a resource is authorized:

iSM acts as a Policy Enforcement Point (PEP) calling an external Policy Decision Point (PDP) running in WSO2 Identity Server.

These two features can be used independently or together. For example, it is possible to use the WSO2 realm and authorize access explicitly by testing the roles in the principal. Conversely, it is possible to use any iSM user realm and authorize access with XACML.
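The PEP side of the XACML exchange described above, as an added sketch that is not iWay or WSO2 code: it builds an XACML 3.0 request from a principal's name and roles and applies a deny-biased reading of the PDP response, so anything other than a clean Permit is refused. The attribute and category URNs come from the XACML 3.0 core specification; the function names and sample values are assumptions, and transport to the PDP is left out.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"

def q(tag):
    return f"{{{NS}}}{tag}"

def build_request(user, roles, resource, action):
    """Serialize an XACML 3.0 <Request> carrying the principal's name and roles."""
    ET.register_namespace("", NS)
    req = ET.Element(q("Request"), {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    groups = [
        (SUBJECT, [("urn:oasis:names:tc:xacml:1.0:subject:subject-id", [user]),
                   ("urn:oasis:names:tc:xacml:2.0:subject:role", list(roles))]),
        (RESOURCE, [("urn:oasis:names:tc:xacml:1.0:resource:resource-id", [resource])]),
        (ACTION, [("urn:oasis:names:tc:xacml:1.0:action:action-id", [action])]),
    ]
    for category, attrs in groups:
        cat = ET.SubElement(req, q("Attributes"), {"Category": category})
        for attr_id, values in attrs:
            if not values:
                continue  # an <Attribute> needs at least one value
            attr = ET.SubElement(cat, q("Attribute"), {"AttributeId": attr_id, "IncludeInResult": "false"})
            for value in values:
                ET.SubElement(attr, q("AttributeValue"), {"DataType": STRING}).text = value
    return ET.tostring(req, encoding="unicode")

def is_permitted(response_xml):
    """Deny-biased PEP: grant only on one well-formed, obligation-free Permit."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False  # unreadable PDP answer: fail closed
    results = root.findall(q("Result"))
    if root.tag != q("Response") or len(results) != 1:
        return False
    if results[0].find(q("Obligations")) is not None:
        return False  # this sketch cannot discharge obligations, so it denies
    return (results[0].findtext(q("Decision")) or "").strip() == "Permit"

# Constructed sample PDP response, not captured from a real server.
SAMPLE = f'<Response xmlns="{NS}"><Result><Decision>Permit</Decision></Result></Response>'

if __name__ == "__main__":
    print(build_request("alice", ["clerk"], "/orders/42", "read"))
    print(is_permitted(SAMPLE))
```

Deny, NotApplicable and Indeterminate all map to a refusal here, which is the behavior to want when the PDP is unreachable or returns something unexpected.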


iWay Software