How to achieve security level 3 in FIWARE?


Problem description


I am deploying FIWARE security GEs (i.e., Wilma, AuthzForce, Keyrock) on my computer. Security level 2 (Basic Authorization) is working well, but now I need security level 3 (Advanced Authorization) using XACML.

Long story short, I want a tutorial on implementing security level 3. However, as far as I know, no tutorial or document about security level 3 exists.

For now, I create my policy with the PAP's API, and change the 'custom_policy' option in config.js from 'undefined' to 'policy.js'. Then I create the 'policy.js' file in 'PEP/policies', but don't change anything compared with its template file because I don't know what this code does exactly. I think I should make the XACML Request form using the 'xml' variable. But in my case, the PEP gives me an error when I make the XACML Request using the 'xml' variable and return this variable. Here is the error from the PEP:

Error: Root - Error in AZF communication <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error xmlns="http://authzforce.github.io/rest-api-model/xmlns/authz/S" xmlns:ns2="http://www.w3.org/2005/Atom" xmlns:ns3="http://authzforce.github.io/core/xmlns/pdp/5.0" xmlns:ns4="http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6"><message>Invalid parameters: cvc-elt.1: Cannot find the declaration of element 'Request'.</message></error>

And here is my 'getPolicy' code (XACML Request) in policy.js. I just made a very simple request, whether the response is permit or not, because I was not sure what I was doing at the time:

exports.getPolicy = function (roles, req, app_id) {
    var xml = xmlBuilder.create('Request', {
            'xmlns': 'urn:oasis:names:tc:xacml:3.0:core:schema:wd-17',
            'CombinedDecision': 'false',
            'ReturnPolicyIdList': 'false'})
    .ele('Attributes', {
            'Category': 'urn:oasis:names:tc:xacml:1.0:subject-category:access-subject'});

So, can anyone give me any information about the implementation of security level 3?

Solution

Upgrade to Wilma 6.2 (bug fixing).

Reuse the code from lib/azf.js, which is known to work, and adapt the Request content to your needs. The variable is wrongly called XACMLPolicy there, but don't be mistaken, this is an actual XACML Request. This is using the xml2json package to convert the JSON to XML, whereas in your code you seem to use a different one, xmlbuilder maybe? You didn't paste the full code - where does this xmlBuilder variable come from? - so I'm just guessing.

If you are indeed using the xmlbuilder package and want to stick with it, I notice that in the example using namespaces, the xmlns attribute is put in a different way:

var xmlBuilder = require('xmlbuilder');

// Set the namespace and the other Request attributes with .att() on the root element
var xml = xmlBuilder.create('Request', { encoding: 'utf-8' })
    .att('xmlns', 'urn:oasis:names:tc:xacml:3.0:core:schema:wd-17')
    .att('CombinedDecision', 'false')
    .att('ReturnPolicyIdList', 'false')
    .ele('Attributes', {'Category': 'urn:oasis:names:tc:xacml:1.0:subject-category:access-subject'});

Maybe this makes a difference, I didn't check.

Also feel free to create an issue with your question on Wilma's GitHub to get help from the dev team. (I am not one of them but we've worked together for AuthzForce integration.)
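
The message in the question, `cvc-elt.1: Cannot find the declaration of element 'Request'`, is what a schema validator reports when the root element, in the namespace it was sent with, has no declaration in the schema; a `Request` that does not carry the XACML 3.0 namespace is one way to get it. The pre-flight check below is an added example, not part of the original answer and not Wilma or AuthzForce code; the function names and the sample documents are constructed for illustration.

```javascript
// Added example: check the root element of a XACML Request string before the PEP sends it.
// Function names are hypothetical; this is not Wilma or AuthzForce code.
const XACML3_NS = 'urn:oasis:names:tc:xacml:3.0:core:schema:wd-17';
const SUBJECT_CAT = 'urn:oasis:names:tc:xacml:1.0:subject-category:access-subject';

// Return { name, namespace } for the root element of an XML string.
// Minimal start-tag reader for a sanity check, not a general XML parser.
function rootElementInfo(xml) {
  // Skip the XML declaration, processing instructions, comments and whitespace.
  const body = xml.replace(/^\s*(?:<\?[\s\S]*?\?>\s*|<!--[\s\S]*?-->\s*)*/, '');
  const tag = /^<([A-Za-z_][\w.-]*:)?([A-Za-z_][\w.-]*)((?:\s+[^\s=>\/]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*\/?>/.exec(body);
  if (!tag) throw new Error('no root start tag found');
  const prefix = tag[1] ? tag[1].slice(0, -1) : '';
  // Collect the attributes of the root start tag.
  const attrs = {};
  const attrRe = /([^\s=]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  let m;
  while ((m = attrRe.exec(tag[3])) !== null) {
    attrs[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  // An unprefixed root takes the default namespace, a prefixed one its xmlns:prefix binding.
  const nsAttr = prefix ? 'xmlns:' + prefix : 'xmlns';
  return { name: tag[2], namespace: attrs[nsAttr] || null };
}

// True only if the document root is <Request> in the XACML 3.0 namespace.
function isXacml3Request(xml) {
  const root = rootElementInfo(xml);
  return root.name === 'Request' && root.namespace === XACML3_NS;
}

// Constructed samples: no namespace, default namespace, prefixed namespace.
const noNamespace = '<?xml version="1.0" encoding="utf-8"?>' +
  '<Request><Attributes Category="' + SUBJECT_CAT + '"/></Request>';
const defaultNs = '<?xml version="1.0" encoding="utf-8"?>' +
  '<Request xmlns="' + XACML3_NS + '" CombinedDecision="false" ReturnPolicyIdList="false">' +
  '<Attributes Category="' + SUBJECT_CAT + '"/></Request>';
const prefixed = '<x:Request xmlns:x="' + XACML3_NS + '" CombinedDecision="false" ' +
  'ReturnPolicyIdList="false"><x:Attributes Category="' + SUBJECT_CAT + '"/></x:Request>';

console.log('no namespace     :', isXacml3Request(noNamespace));
console.log('default namespace:', isXacml3Request(defaultNs));
console.log('prefixed         :', isXacml3Request(prefixed));
```

Logging the serialized request next to this check shows whether the attributes passed to the builder actually ended up on the root element.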
