xacmlxacml3xacml2
XACML 3.0 multiple PEP and PDP instances
I am using XACML 3.0 I just want to know which is the best practices for separating the PEP and PDP instances. I have three scenarios here which one is best as per the cloud way of implementation.
- I have one instance of PEP which will communicate to multiple PDP instances.
- I have multiple PEP and multiple PDP instances which will communicate to each other.
- I have multiple PEP instances which will communicate to one PDP instance.
Solution
The typical deployment I see is one or more enforcement points (PEP) talking to a load balancer that sits in front of multiple PDPs that are all equally configured.
That's true of any version of XACML.
PDPs rarely communicate together though you could imagine you'd have a PDP talking to another via a PIP connector.
--- EDIT --- Here's an architecture diagram
- UserNotFound Error for Existing Role in WSO2 IS 7.0.0 XACML Policy
- XACML how to efficiently control Access to Collections (Lists) of Resources
- How to express pagination in attribute based access control?
- What is the difference between Policy Target and Rule Target in ALFA or XACML?
- Implement geo XACML using Authzforce and host it on heroku
- WSO2 Identity / XACML Evaluation for Standard Editor / Any Debug Feature Available?
- Representing complex data types in XACML using Authzforce
- Obtain all Obligations from all the policies
- Fine-grained authorization for web applications
- Authzforce - XACML AttributeSelector
- How does missing-attribute work in XACML?
- Add multiple values in bag using authzforce
- Can XACML be validated by lxml in Python?
- Replacing LDAP store in Axiomatics to use Azure AD / B2C
- XML (XACML) Syntax Error - String Literal was Expected
- In wso2 IS XACML policy how to validate role and its permissions
- Is there a way to define variables externally from XACML policy and refer them from inside the policy rules
- XACML Obligations
- Authzforce ABAC - Fail to Enable a Result Postprocessor extension on a domain
- How to add string/URI matching in XACML
- Who uses XACML?
- URL accessible at specific hours only XACML
- Authzforce - Simple ABAC policy creation fails
- WSO2IS - XACML Policy with custom attributes is returning "Couldn't find AttributeDesignator"
- How to do logical AND for Rule combining for XACML
- Authzforce - Existing GUI for policy administration (PAP)
- Spring Security integration with XACML(Or any other policy based solution)
- XACML: how to find a long in a list of longs (list contains)
- Dynamic root policyset for multi-tenancy using Authzforce Core
- How expensive is creating a BasePdpEngine in Authzforce Core?