TESB Authorization XACML PolicyDecisionPoint - 7.1

Talend ESB Infrastructure Services Configuration Guide

Version
7.1
Language
English (United States)
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade

Talend ESB ships with a PDP implementation to provide authorization decisions for a TESB endpoint. The TESB PDP is an extension of the HERAS-AF SimplePDP.

There are two ways to access the Talend ESB PDP.

  • JAX-RS. The PDP is exposed as a JAX-RS service that allows a JAX-RS client the ability to see whether a given request is authorized or not. The user must POST a XACML Request to /pdp/authorize. The next chapter describes how to configure a Policy Enforcement Point (PEP), which takes care of invoking on the PDP and enforcing the authorization decision.
  • Co-located. The PDP can be retrieved as a service from the OSGi registry in the container. This allows the PEP to make an authorization request without the overhead of a remote call. See the next chapter for more details.