I just started using WSO2 Identity Server. I want to know how we can manage a self-created database through a WSO2 Identity Server, and can we apply XACML policies created using the WSO2 tryit tool on that database? How can it be done? Any help would be appreciated. Thank you. Regards
0
votes
To find an open source solution, could you give more info on your database server? This would determine the kind of PEP implementation you need. If you want a PEP as reverse proxy (on the network), then it depends on the client/server protocol used by the database server. This is not standard among database products. If you want a PEP embedded in the database server, then it depends obviously on the API or any integration point the database product has to offer for filtering requests/responses.
– cdan
... So you may start to look for open source database firewalls/gateways/proxies/filters compatible with your database server. For example, GreenSQL supports MySQL and PostgreSQL. Then you can enhance it to implement the actual XACML PDP client part that will talk to an open source PDP like the ones listed on the Wikipedia page, e.g. AuthzForce (Java or REST API), Apache OpenAZ (Java or REST) or WSO2 Balana (Java).
– cdan
1 Answer
0
votes
As far as I know, WSO2 IS cannot be used to secure databases. Have a look at the Data Access Filter instead.
What the Data Access Filter does is:
- it lets you create XACML policies e.g. managers can view transactions in their branch.
- it intercepts SQL traffic going to the database e.g. `SELECT * FROM transactions` and determines the end user's identity and branch e.g. Alice in Charlotte.
- it modifies the SQL statement according to the policy e.g. `SELECT * FROM transactions WHERE branch='Charlotte'`
- It forwards the modified statement to the backend database so that only entitled data is retrieved.
This lets you do dynamic data filtering and dynamic data masking.
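The rewriting step described in the answer above, as an added Python sketch that is not part of the original answer and is not the Data Access Filter's or WSO2's own code. It goes slightly beyond the answer's example by wrapping the intercepted query and binding the branch as a parameter instead of appending a literal `WHERE`; the names `POLICY`, `enforce`, `run_filtered`, `demo_db` and the sample rows are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed policy: (role, table) -> column that must equal the user's
# attribute of the same name ("managers can view transactions in their branch").
POLICY = {("manager", "transactions"): "branch"}

# Deliberate simplification: accept only one single-table SELECT with an
# optional WHERE clause. A production filter needs a real SQL parser.
SELECT_RE = re.compile(
    r"^\s*SELECT\s+[\w\s,*.]+?\s+FROM\s+(\w+)(?:\s+WHERE\s+[^;()]+)?\s*$", re.I)
FORBIDDEN = re.compile(r"--|/\*|\b(?:UNION|JOIN|INTERSECT|EXCEPT)\b", re.I)


class AccessDenied(Exception):
    pass


def enforce(sql, user):
    """Return (rewritten_sql, params) limited to rows the user may see."""
    match = SELECT_RE.match(sql)
    if not match or FORBIDDEN.search(sql):
        raise AccessDenied("statement shape not supported, denied")
    column = POLICY.get((user.get("role"), match.group(1).lower()))
    if column is None or column not in user:
        raise AccessDenied("no policy permits this request")  # deny by default
    # The column name comes from the policy, never from the caller; the user's
    # attribute value is bound as a parameter instead of being spliced in.
    return f"SELECT * FROM ({sql.strip()}) AS q WHERE q.{column} = ?", (user[column],)


def run_filtered(conn, sql, user):
    rewritten, params = enforce(sql, user)
    return conn.execute(rewritten, params).fetchall()


def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (id INTEGER, branch TEXT, amount REAL)")
    conn.executemany(
        "INSERT INTO transactions VALUES (?, ?, ?)",
        [(1, "Charlotte", 120.0), (2, "Raleigh", 75.5), (3, "Charlotte", 19.99)])
    return conn


if __name__ == "__main__":
    alice = {"name": "Alice", "role": "manager", "branch": "Charlotte"}
    print(run_filtered(demo_db(), "SELECT * FROM transactions", alice))
```

Requests with no matching policy entry, or with a statement shape the sketch does not recognise, are refused rather than passed through unfiltered.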