Authorization with Talend ESB - 7.1

Talend ESB Infrastructure Services Configuration Guide

Version: 7.1
Language: English (United States)
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade

This chapter describes the Talend ESB authorization solution. This product is available with Talend ESB; it is not included in Talend Open Studio for ESB.

Talend ESB Authorization uses the XACML standard to specify access control. The Talend ESB Authorization components are based on this standard and use the HERAS_AF core as the basis of their implementation. As of this version of Talend ESB, the Talend ESB Authorization components support the following:

  • PEP (Policy Enforcement Point): A CXF interceptor which intercepts access requests to a resource and enforces the authorization decision of the PDP. This will be described in the next chapter.
  • PDP (Policy Decision Point): Requests the needed XACML policies from a policy repository and evaluates the request.
  • Policy Repository/Registry: Stores XACML policies. The Talend XACML Registry is based on JCR (Apache Jackrabbit) and is accessed via one front end, an ATOM-based REST interface. It supports deployment, retrieval, and deletion of XACML policies.
  • PAP (Policy Administration Point): A user interface for the administration of policies, described in the Talend Administration Center User Guide.
  • PIP (Policy Information Point): Supplies external policy context and attributes: subject credentials and attribute verification.
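
The following added example is not Talend or HERAS_AF code. It is a simplified Python model of how the components listed above divide the work: the PEP asks the PDP, the PDP pulls rules from the repository and subject attributes from the PIP, and the PEP refuses anything that is not an explicit Permit. The class names, the deny-overrides combining choice, the service names and the subjects are all assumptions constructed for illustration.

```python
# Simplified model of the XACML data flow (PEP -> PDP -> repository / PIP).
# All names, rules and attribute values are constructed for illustration.
from dataclasses import dataclass

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

@dataclass(frozen=True)
class Rule:
    effect: str      # PERMIT or DENY
    role: str        # subject role the rule matches
    resource: str    # protected resource, e.g. a service operation
    action: str

class PolicyRepository:
    """Stores rules; the PDP retrieves them at decision time."""
    def __init__(self, rules):
        self._rules = list(rules)
    def rules_for(self, resource):
        return [r for r in self._rules if r.resource == resource]

class PIP:
    """Resolves subject attributes (here: roles) the request did not carry."""
    def __init__(self, roles_by_subject):
        self._roles = roles_by_subject
    def roles(self, subject):
        return self._roles[subject]   # KeyError models an unavailable attribute

class PDP:
    def __init__(self, repo, pip):
        self.repo, self.pip = repo, pip
    def evaluate(self, subject, resource, action):
        try:
            roles = self.pip.roles(subject)
        except KeyError:
            return INDETERMINATE      # attributes missing: no decision possible
        hits = [r.effect for r in self.repo.rules_for(resource)
                if r.action == action and r.role in roles]
        if DENY in hits:              # deny-overrides: one Deny beats any Permit
            return DENY
        return PERMIT if PERMIT in hits else NOT_APPLICABLE

def pep_allows(pdp, subject, resource, action):
    """PEP: enforce the PDP decision; anything other than Permit is refused."""
    return pdp.evaluate(subject, resource, action) == PERMIT

pdp = PDP(PolicyRepository([
    Rule(PERMIT, "clerk", "OrderService/getOrder", "invoke"),
    Rule(PERMIT, "manager", "OrderService/cancelOrder", "invoke"),
    Rule(DENY, "suspended", "OrderService/getOrder", "invoke"),
]), PIP({"alice": {"clerk"}, "bob": {"clerk", "suspended"}}))
```

In this model a subject unknown to the PIP yields Indeterminate and an unmatched request yields NotApplicable; the PEP treats both as a refusal, so a missing policy or attribute never grants access.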