Skip to content

Implementing Fine-Grained Access Control with AuthZForce for FIWARE Services #13

Description

@tonyrosset

I'm working on securing a FIWARE system (Orion,

Quantum Leap) using Keyrock, Wilma, and AuthZForce. My goal is to implement fine-grained access control based on FIWARE services.

Each entity in our system belongs to a service, identified by the Fiware-Service header. I want to restrict access to these services based on user roles:

User1: Can only access fiwareservice1
User2: Can access fiwareservice2 and fiwareservice3
User3: Can access all services

I'm struggling to create appropriate XACML policies in AuthZForce to enforce these rules. Has anyone successfully implemented a similar setup?

I'm open to suggestions if this approach is not ideal or if there are alternative methods for managing service-based access control in FIWARE.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions