Implement GeoXACML using AuthzForce and host it on Heroku

I'm completely new to both the topics. Can someone help me with step by step tutorials to implement them?
An alternative to both of them can also be suggested.

First a word of warning: the GeoXACML spec was written as an extension to XACML 2.0, since it was the last version of XACML at the time (the last GeoXACML version dates back to 2011). Now, AuthzForce only supports XACML 3.0. Yet, this is no big deal, the XACML 2.0 terms and model elements used in GeoXACML can be adapted to XACML 3.0 easily (few changes to the XACML schema in particular). If you have issues with that process, let us know. I strongly recommend migrating to XACML 3.0 anyway, if you are still using XACML 2.0.
Back to the original question, assuming you agree to use GeoXACML with XACML 3.0, you can implement it in AuthzForce with just two kinds of AuthzForce extensions:
XACML Data-Types: as the name suggests, this is the kind of extension you have to implement in AuthzForce to support the new Data Types defined in section 6.3.1 of the GeoXACML spec v1.0.1. See the wiki page on AuthzForce's github repo to learn how to develop such an extension.
XACML Functions: as the name suggests, this is the kind of extension you have to implement in AuthzForce to support the new Functions defined in section 6.3.2 of the GeoXACML spec v1.0.1. See the wiki page on AuthzForce's github repo to learn how to develop such an extension.
With that, I think you're covered.
If you have AuthzForce-specific issues with the development of the extensions, please use one of the support channels mentioned on the github (or github issues).

I've reviewed your question and your comments throughout this thread. I understand you are new to XACML altogether. With that in mind, I will seek to elevate your understanding of XACML and how to integrate GeoXACML or generally implement geographical constraints in your policy in my answer.
Understanding XACML
The XACML policy language is as expressive as a natural language. For example, consider the following sentence:
Jane Doe wants to view a confidential document at work during regular business hours.
A sentence like this includes four grammatical building blocks:
– a subject
– an action
– a resource
– the environment in which the request is made
Each of these “building blocks” can be described using attributes.
To create the authorization policies for an organization, you will want to collect the requirements from the individuals responsible for defining information security policies.
Next you would take the policies provided by the personnel responsible for authorization policies and identify the attributes.
We typically look at defining:
Short name: the user-friendly name of an attribute e.g. role or citizenship. It is the name usually displayed in editors and reporting tools.
Namespace: the context to which the attribute belongs. Namespace follows the reverse domain name notation naming convention, like we use in Java. So, if we have com.organization.user, we can append a short name like role to create the fully qualified XACML attribute identifier com.organization.role.
Category: a concept that comes straight from XACML that states an attribute always belongs to a category. There are 4 commonly used categories: subject, action, resource, and environment; they are defined in step 2 of our tutorial.
Data type: a classification of the data. Attribute values can be of different types in XACML. The most commonly used are string, integer, and Boolean. There are over a dozen data types available to choose from.
Value range: an optional field to specify a pattern or range of provided values. Attribute values may be completely random (e.g. a user’s first name). Others belong to a fixed list of values e.g. state names or a pattern e.g. zip codes.
For more information on implementing ABAC in an organization, please check out the blog post I wrote on my employer's website here: https://www.axiomatics.com/blog/intro-to-attribute-based-access-control-abac/
I also have an article on my personal blog based on a StackOverflow question, "How to authorize specific resources based on users who created those in REST, using annotations?". The answer provides another good overview of XACML and ABAC in general.
Regarding GeoXACML and geographical constraints in general
I'm not sure of your exact use case, but I want to mention that ipAddress is a data type in XACML, in case it is suitable for your use case (i.e. your systems encounter ip addresses that are not routed through VPNs or other ip obfuscating methods, etc.). The list of data types can be found here: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html.
I'm not aware of any software that offers GeoXACML out of the box with an enterprise grade XACML implementation. What we can offer here at Axiomatics - my employer - is to extend our software, Axiomatics Policy Server, for you to include GeoXACML or even other geographical features to your taste. (Note: When my colleague David Brossard was suggesting in an above comment that you "try Axiomatics PS," it stood for Axiomatics Policy Server.)
The "X" in XACML stands for extensible. And, indeed, the model is extensible enough to offer the flexibility that is required to perform such actions.
The XACML Core Specification version 3.0 actually has a section named XACML extension points, which lists all the points where the XACML model and schema can be extended with new semantics. The extension points are:
Category
AttributeId
DataType
FunctionId
MatchId
ObligationId
AdviceId
PolicyCombiningAlgId
RuleCombiningAlgId
StatusCode
SubjectCategory
You can follow up with any questions here on StackOverflow or through the contact pages on the provided websites.
Best,
Michael
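The following is an added example, not code from AuthzForce, Axiomatics or either answer above. It serves both answers: it models the XACML building blocks Michael describes (attribute categories, attribute ids, data types, function ids and a rule-combining algorithm) as a toy policy decision point in Python, and it shows the two extension points the first answer says GeoXACML needs, a new DataType and new FunctionIds, plugging in as registry entries without touching the engine. The standard XACML URNs are the spec's own; the GeoXACML URNs, the `com.example.*` attribute ids, the geometry text encoding and the office polygon are assumptions for illustration. A real deployment would use the identifiers from the GeoXACML spec and implement them as AuthzForce extensions in Java.

```python
"""Toy XACML 3.0-style PDP: added example, not AuthzForce or Axiomatics code.
Models categories, attribute ids, data types, function ids and deny-overrides
rule combining, and shows the GeoXACML extension points (a new DataType and
new FunctionIds) registering into the engine without changing it."""
from datetime import time

# Standard XACML 3.0 identifiers (real spec URNs).
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
CURRENT_TIME = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
STRING = "http://www.w3.org/2001/XMLSchema#string"
TIME = "http://www.w3.org/2001/XMLSchema#time"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
TIME_IN_RANGE = "urn:oasis:names:tc:xacml:2.0:function:time-in-range"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
# GeoXACML-style identifiers: illustrative stand-ins (assumption), verify against the spec.
GEOMETRY = "urn:ogc:def:dataType:geoxacml:1.0:geometry"
WITHIN = "urn:ogc:def:function:geoxacml:1.0:within"
# Organisation attribute ids in the reverse-domain style the answer describes (hypothetical).
ROLE, LOCATION, CLASSIFICATION = "com.example.user.role", "com.example.user.location", "com.example.resource.classification"

# DataType extension point: one parser per data-type URN.  Geometry literals are
# "x y,x y,..." (assumed encoding); a point is a single pair.
DATATYPES = {
    STRING: str,
    TIME: time.fromisoformat,
    GEOMETRY: lambda s: [tuple(map(float, p.split())) for p in s.split(",")],
}

def within(point, polygon):
    """Ray-casting point-in-polygon test: the implementation behind the WITHIN FunctionId."""
    (px, py), inside = point[0], False
    for i in range(len(polygon)):
        (x1, y1), (x2, y2) = polygon[i], polygon[(i + 1) % len(polygon)]
        if (y1 > py) != (y2 > py) and px < x1 + (py - y1) * (x2 - x1) / (y2 - y1):
            inside = not inside
    return inside

# FunctionId extension point: implementations keyed by function URN.
FUNCTIONS = {
    STRING_EQUAL: lambda a, b: a == b,
    TIME_IN_RANGE: lambda t, lo, hi: lo <= t <= hi,
    WITHIN: within,
}

def designator(category, attribute_id, datatype):  # AttributeDesignator
    return ("designator", category, attribute_id, datatype)

def value(datatype, literal):  # AttributeValue embedded in the policy
    return ("value", datatype, literal)

def resolve(arg, request):
    """Turn a designator or literal into a typed value via the DataType registry."""
    if arg[0] == "designator":
        _, category, attribute_id, datatype = arg
        return DATATYPES[datatype](request[category][attribute_id])
    return DATATYPES[arg[1]](arg[2])

def evaluate_rule(rule, request):
    """A Rule yields its Effect when every (FunctionId, args...) condition holds."""
    for func_id, *args in rule["condition"]:
        if not FUNCTIONS[func_id](*[resolve(a, request) for a in args]):
            return "NotApplicable"
    return rule["effect"]

def evaluate_policy(policy, request):
    """deny-overrides: any Deny wins, else any Permit, else NotApplicable."""
    assert policy["alg"] == DENY_OVERRIDES
    results = {evaluate_rule(rule, request) for rule in policy["rules"]}
    return "Deny" if "Deny" in results else "Permit" if "Permit" in results else "NotApplicable"

OFFICE = "0 0,0 10,10 10,10 0"  # constructed sample polygon for the office footprint

POLICY = {"alg": DENY_OVERRIDES, "rules": [
    {"effect": "Permit", "condition": [  # Jane's sentence from the answer, as a Rule
        (STRING_EQUAL, designator(SUBJECT, ROLE, STRING), value(STRING, "employee")),
        (STRING_EQUAL, designator(ACTION, ACTION_ID, STRING), value(STRING, "view")),
        (STRING_EQUAL, designator(RESOURCE, CLASSIFICATION, STRING), value(STRING, "confidential")),
        (TIME_IN_RANGE, designator(ENVIRONMENT, CURRENT_TIME, TIME), value(TIME, "09:00:00"), value(TIME, "17:00:00")),
        (WITHIN, designator(SUBJECT, LOCATION, GEOMETRY), value(GEOMETRY, OFFICE)),
    ]},
    {"effect": "Deny", "condition": [  # contractors never see confidential data
        (STRING_EQUAL, designator(SUBJECT, ROLE, STRING), value(STRING, "contractor")),
        (STRING_EQUAL, designator(RESOURCE, CLASSIFICATION, STRING), value(STRING, "confidential")),
    ]},
]}

def decide(role, action, classification, clock, location):
    """Build a request context (category -> {attribute id -> raw value}) and evaluate it."""
    request = {SUBJECT: {ROLE: role, LOCATION: location}, ACTION: {ACTION_ID: action},
               RESOURCE: {CLASSIFICATION: classification}, ENVIRONMENT: {CURRENT_TIME: clock}}
    return evaluate_policy(POLICY, request)

if __name__ == "__main__":
    print(decide("employee", "view", "confidential", "10:30:00", "5 5"))   # Permit
    print(decide("employee", "view", "confidential", "10:30:00", "15 5"))  # NotApplicable
```

The point of the registries is the one both answers make: the engine never learns what a geometry is. Adding the geo data type and the `within` function touches only `DATATYPES` and `FUNCTIONS`, exactly as an AuthzForce data-type and function extension would, and the rest of the policy language (categories, designators, literals, combining) stays as it is. Note the caveat from the second answer also applies here: a location attribute is only as trustworthy as the PEP or PIP that supplies it, so the decision is meaningless if the client can assert its own coordinates.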

Related

Best Practice Restful API Naming Conventions

We currently have a large API which serves many different clients and apps. As we want to move forward, we are in discussion to split up our API endpoint into dedicated ones.
Our base-URL is like this api.domain.com/{apiVersion}
With this, we serve for example our main App and a Reseller App:
Users Endpoint: api.domain.com/v1/users
Resellers Endpoint: api.domain.com/v1/resellers/sales
Our Idea is to change that either into:
api.domain.com/users
api.domain.com/resellers/sales
or into:
users.domain.com
resellers.domain.com/sales
I didn't find any good best practices on that, so maybe some has an interesting link or some opinion on that matter.
My preference would be api.domain.com/..., as everything is an API and you don't have to change the base url, but the second one makes it more dedicated imho.
Thanks in advance.
It might be useful to review Roy Fielding on Versioning, Hypermedia, and REST.
Unfortunately, versioning interface names only manages change for the API owner’s sake. That is a myopic view of interface design: one where the owner’s desire for control ignores the customer’s need for continuity.
....
It is always possible for some unexpected reason to come along that requires a completely different API, especially when the semantics of the interface change or security issues require the abandonment of previously deployed software. My point was that there is no need to anticipate such world-breaking changes with a version ID. We have the hostname for that. What you are creating is not a new version of the API, but a new system with a new brand.
(emphasis added)
You can also review Fielding's slides from Evolve '13

best CRUD library for codeigniter?

Using codeigniter 2. Don't want to reinvent the wheel. Have tried Grocery_CRUD and found it takes as long, or longer, to learn it than it did to learn codeigniter.
Looking for crud library that makes sense, easy to learn so I don't reinvent the wheel.
Many thanks for any ideas.
You can use http://www.grocerycrud.com
It's easy to use with codeigniter.
Sample use
$this->grocery_crud->set_table('customers');
$this->grocery_crud->columns('customerName','phone','addressLine1','creditLimit');
$this->grocery_crud->render();
Also you can take look at https://github.com/jamierumbelow/codeigniter-base-model
This is very basic base model class for CI
Subjective but take a look at https://github.com/keevitaja/simple-crud-codeigniter
Why don't you try MY_Model to do all the CRUD functionality?
MY_Model
Just want to inform you all that I have released CRUDDER. This is a plug-in module for your application that works as a CRUD solution, ideal for systems back-ends.
CRUDDER is developed using CodeIgniter and Bootstrap for look and feel. You can develop your own skin apart from the Bootstrapped one. Full localization is possible. CRUDDER is designed to be intuitive and easy to use. The interfaces always show on-line help tips related to the CRUDDER itself and also to your database characteristics.
I'm attaching here an image of the CRUDDER example contained in the product web page so you can figure how easy it is to use.
On the other hand, you will find that configuration is very easy. There is no need to write code other than your own custom validation rules (more powerful than the CodeIgniter ones). There are only two classes: one contains all the functionality code and the other, Crudderconfig, encapsulates the configuration and localization parameters.
In contrast to other commonly used open-source CRUD solutions available, in CRUDDER all the table- and field-specific metadata don't require writing code. All of this is contained in two "metatables", that can also be managed using the CRUDDER itself... so you use the CRUDDER to create your own CRUD rules (no need to use phpMyAdmin, for example). This is a plus for users seeking simplicity.
A full list of features is available:
Open the project web page
Among them:
Pluggable to applications not developed with CodeIgniter.
Sort, filter and pagination features, among others.
Soft deletes with unique-index collision avoidance.
Automatic menu-type form fields based on other tables content.
Extensible event triggering when a value is changed in a form.
Interface help tips for fields are contained in the database.
Designed with strong security in mind.
Take a look! Write me if you like it, have questions or want another functionality.
CRUDDER is released under the GNU LGPL license.

Magento custom fields on checkout

Is there any tutorial available for how I add custom fields on the front-end checkout step, like PO number, job name, customer comments etc., as well as in admin->create->order?
My usual motto is to find (and buy if needed) a module that already has the functionality you seek. Especially when the life of this project involves version upgrades because then you can seek a pre-packaged solution from the provider.
I regret every bit of custom code I have added to our Magento install. Because now I've got to maintain the site to just keep working in addition to figuring out my hacks. Time to devote more time to replacing hacks with off-the-shelf extensions, which would have been much faster in the first place.
I know this attitude goes somewhat against the stack overflow thinking of I can do anything, but really, Magento's job is to enable someone to do less work.
Two years later, an update: after the gentle poke of a downvote (probably for appearing to shrug off the question), I am back to revisit and share some of what I've learned. The programming aspect of additional fields is the concept of persistence of the data.
If you're ok with the custom fields only appearing in the transactional emails following the order, then the task is as "simple" as adding the fields to the form somewhere and then updating the controller to catch and insert the post data into the email. You can use a custom variable in the back end to readily expose this to the email templates. And a Magento SE on programmatically creating a custom variable.
Getting persistence into the back end requires adding database fields via an installer in your module. The iCoreThink blog lays out the steps clearly and explains why, how to confirm your work, and then provides real-world implementation, like displaying to the customer in their account. The "other blog" mentioned below has a great example of this, though his example is specifically related to billing and shipping.
Resources from my upvotes and bookmarks:
» This iCoreThink blog post is my favorite reference so far and what I'm following now.
» I was using Templates Master's FireCheckout which includes their own checkoutfields module, but I've abandoned their single view checkout for the flow of Magento's one page checkout. I'm now trying to adapt their checkout fields (and use their controller) into my template for checkout.
» I thought for sure Alan Storm wrote an article about Checkout custom fields, but I don't see one.
» This Magento SE lists a couple blogs and a paid extension. The excellence blog is ok, but his style is too rote for me and I don't learn anything. The other blog discusses the procedure for building your module and installing the database fields.
» The unexpected-IT blog demonstrates an informal hack to add the code to core files (but sadly doesn't show how to override those files by copying them to app/code/local) and the steps to manually perform to get the column and fields added in the database. Apparently it is perfect for 1.4 and below, but comments seem to explain what to do for 1.5 and up.
This last hack-ish change is my personal favorite as it seamlessly adds the extra bits into existing Magento admin pages and "feels like" less work. Caveats: I wouldn't do this without using version control and it will absolutely break if any core code changes happen between version upgrades.

How to handle i18n in Go?

I searched on web but I didn't find anything related to i18n and Go.
I wish to use Go to develop web sites. What is the best way to handle internationalization?
go-i18n has some nice features:
Implements CLDR plural rules.
Uses text/template for strings with variables.
Translation files are simple JSON.
Packages roadmap
Comprehensive support for international text.
Support for international dates, times, etc.
Support for multilingual messages.
As you can see from the Go Roadmap, Go doesn't provide full i18n support yet.
The new template package allows you to add a function to the template's function map, that would transform the given string to a localized version. What's going on underneath would be up to you for now, as the language choice could be based on headers sent by the browser.
That's a very basic use case for adding localized messages in a web app, for one.
Can't wait for the proper support for internationalization, local date and time formats.

Designing an MVC (web) application from scratch – What Are the basic (necessary and optional) components I should be aware of?

I’m about to write quite a big web site that will basically be a forum, divided to (many) different subjects and allow users’ score.
I’ll be using MVC, so I (“naively”) asked this question about how to partition the Model portion of MVC, which is likely to be very large.
Two things I realized from the answers I got:
I really don’t know much about designing software.
There are many ways to implement MVC
So I have now two questions:
(That’s a bit theoretical-) Would you say designing software is completely deterministic, i.e. for a specific set of requirements there is one best design? If not, why?
What are the common components (necessary and optional) of MVC that I should consider in writing my site (resources for beginners would be great)?
Although Java/JSP/Servlet targeted, you may get some useful insights out of this answer. It describes the common patterns to be used in MVC and the approach how to fit them all together. Here's a summary:
Front Controller pattern (Mediator pattern) - the controller
Strategy pattern - the business actions
Abstract factory pattern - to let controller obtain the desired business action.
Facade pattern - to abstract the raw HTTP details away.
State pattern - to introduce a lifecycle which abstracts gathering of request parameters, validation, conversion, updating model values, etc away.
Composite pattern - to create an advanced component tree for the view.
For ASP.Net MVC, a good entry level, free tutorial is the 'MVC 2 Music Store' by Jon Galloway. You can find it here. Note that the current version of ASP.Net MVC is MVC 2.
A more thorough tutorial is the Nerd Dinner tutorial. However the creators are still in the process of updating it to MVC 2. You can check for updates and downloads here.
I would recommend using resources for MVC 2 as there are some significant improvements over the first version. Also MVC 3 is on the horizon and you want to hit the ground running.
I would also recommend keeping an eye on MVC 3 improvements if you're serious about getting up to speed in this space. A good blog to subscribe to is Phil Haack's Haacked. Phil is the project manager for MVC at Microsoft.
In terms of textbooks, the gold standard is Steven Sanderson's 'Pro ASP.Net MVC 2 Framework'. The first review on Amazon is from Scott Guthrie, a Microsoft VP, who raves about the book. He also has a competing book of his own. You can get the ebook from Apress here. Do a google search for Apress promo codes and you may save a few dollars.
Good luck.
Software is definitely not deterministic. Theories in programming are constantly developing and improving, which is what makes the field such a fast-paced and exciting place to work. Also, what may seem like the best approach to a software problem right now could be obsolete in a matter of months by a newer, improved technology.