TESB Authorization XACML PolicyDecisionPoint - 7.1

Talend ESB Infrastructure Services Configuration Guide

Talend ESB ships with a PDP implementation to provide authorization decisions for a TESB endpoint. The TESB PDP is an extension of the HERAS-AF SimplePDP.

There are two ways to access the Talend ESB PDP.

  • JAX-RS. The PDP is exposed as a JAX-RS service, so a JAX-RS client can ask whether a given request is authorized. The user must POST an XACML Request to /pdp/authorize. The next chapter describes how to configure a Policy Enforcement Point (PEP), which takes care of invoking the PDP and enforcing the authorization decision.
  • Co-located. The PDP can be retrieved as a service from the OSGi registry in the container. This allows the PEP to make an authorization request without the overhead of a remote call. See the next chapter for more details.
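
A small client for the JAX-RS access path in the list above, as an added example that is not Talend's code: it builds an XACML request, POSTs it to /pdp/authorize and treats anything other than a single Permit decision as a denial. The XACML 2.0 context namespace, the attribute identifiers, the application/xml content type, the base URL and the sample values are assumptions not stated on this page.

```python
import urllib.request
import xml.etree.ElementTree as ET

# Assumption: XACML 2.0 context namespace and standard attribute identifiers.
CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
# Constructed sample of a PDP response, for offline checks.
SAMPLE_PERMIT = f'<Response xmlns="{CTX}"><Result><Decision>Permit</Decision></Result></Response>'

def _attr(parent, attr_id, value):
    a = ET.SubElement(parent, f"{{{CTX}}}Attribute", AttributeId=attr_id, DataType=STRING)
    ET.SubElement(a, f"{{{CTX}}}AttributeValue").text = value

def build_request(user, roles, resource, action):
    """Serialize an XACML request; ElementTree escapes every value it writes."""
    ET.register_namespace("", CTX)
    req = ET.Element(f"{{{CTX}}}Request")
    subj = ET.SubElement(req, f"{{{CTX}}}Subject")
    _attr(subj, SUBJECT_ID, user)
    for role in roles:
        _attr(subj, ROLE, role)
    _attr(ET.SubElement(req, f"{{{CTX}}}Resource"), RESOURCE_ID, resource)
    _attr(ET.SubElement(req, f"{{{CTX}}}Action"), ACTION_ID, action)
    ET.SubElement(req, f"{{{CTX}}}Environment")
    return ET.tostring(req, encoding="utf-8")

def is_permitted(response_xml):
    """Fail closed: only exactly one Decision element reading 'Permit' grants access."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    decisions = [(d.text or "").strip() for d in root.iter(f"{{{CTX}}}Decision")]
    return decisions == ["Permit"]

def authorize(base_url, user, roles, resource, action, timeout=5):
    """POST to /pdp/authorize; network and HTTP errors count as deny."""
    req = urllib.request.Request(base_url.rstrip("/") + "/pdp/authorize",
        data=build_request(user, roles, resource, action),
        headers={"Content-Type": "application/xml"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return is_permitted(resp.read())
    except OSError:
        return False
```

Deny, NotApplicable, Indeterminate, an unparsable body and an unreachable PDP all produce the same result here, so a PDP outage cannot turn into an implicit grant.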