Identity Patterns with the WSO2 Identity Server
Fine-grained access control for APIs

Problem:
  • Access to the business APIs must be controlled in a fine-grained manner.
  • Only users who belong to the business-admin role should be able to access the foo and bar APIs on weekdays from 8 AM to 5 PM.
Solution:
  • Set up the WSO2 Identity Server as the key manager of the WSO2 API Manager.
  • Write a scope handler and deploy it in the WSO2 Identity Server so that it calls the server's XACML engine during the token validation phase.
  • Create XACML policies using the WSO2 Identity Server’s XACML policy wizard to address the business needs. 
  • Products: WSO2 Identity Server 5.0.0+, API Manager, Governance Registr
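
The rule that the XACML policy has to encode, written out as a small decision function so its edge cases can be tested before the policy is authored. This is an added example, not WSO2 code or part of the original pattern; the function names, the fixed-offset business timezone, the exclusive 5 PM boundary and the deny-biased handling of anything other than Permit are assumptions.

```python
from datetime import datetime, time, timedelta, timezone

# Assumed values (the page does not fix them): the business timezone, and
# whether 5 PM itself is inside the window (here it is not: [08:00, 17:00)).
BUSINESS_TZ = timezone(timedelta(hours=5, minutes=30))  # constructed fixed offset
PROTECTED_APIS = {"foo", "bar"}
REQUIRED_ROLE = "business-admin"
OPEN, CLOSE = time(8, 0), time(17, 0)


def decide(roles, api, now):
    """Hypothetical stand-in for the XACML decision: Permit, Deny or NotApplicable."""
    if api not in PROTECTED_APIS:
        return "NotApplicable"           # no policy targets this resource
    if now.tzinfo is None:
        return "Deny"                    # naive timestamp is ambiguous: fail closed
    local = now.astimezone(BUSINESS_TZ)  # evaluate in business time, not server time
    if REQUIRED_ROLE not in roles:
        return "Deny"
    if local.weekday() >= 5:             # 5 = Saturday, 6 = Sunday
        return "Deny"
    if not (OPEN <= local.time() < CLOSE):
        return "Deny"
    return "Permit"


def validate_scope(roles, api, now):
    """Hypothetical scope-handler hook: deny-biased, only an explicit Permit passes."""
    return decide(roles, api, now) == "Permit"


if __name__ == "__main__":
    monday_10 = datetime(2024, 3, 4, 10, 0, tzinfo=BUSINESS_TZ)  # constructed sample
    print(decide({"business-admin"}, "foo", monday_10))
```

The same cases (window boundaries, a weekend reached only after timezone conversion, a missing role) are the ones to replay against the deployed policy once it exists.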