orchestracities / boost

BOOST4.0 EIDS FIWARE CIM Connector
MIT License

Updated XACML Requests based on header Object in current version #37

Closed gboege closed 4 years ago

gboege commented 4 years ago

A) Incoming requests:

1) We have already extracted the header-Header from the message and you have all enclosed data at hand.

2) We have extracted and validated the DAPS JWT -> New: We have to compare the issuer ID from the header-Header with the issuer from the DAPS JWT

3) We already have the Verb and Path from the request

4) New: We now need to extract and secret-validate the data from the Authorization JWT. (Secret must be configured, Domain and AppID now come from the Authorization JWT)

5) Update the XACML request (I will create a temp -> with shortest exp Date

Outgoing Response:

The response does not need an Authorization token. The header-Object Header should be created and attached as it is now, until the next version.

B) Outgoing requests (Notifications):

The header-Object Header should be created and attached as it is now, until the next version. No Generation/Attachment of an Authorization header (might be already added by Orion).

Incoming Response:

1) We have already extracted the header-Header from the message and you have all enclosed data at hand.

2) We have extracted and validated the DAPS JWT -> We have to compare the issuer from the header-Header with the issuer from the DAPS JWT
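
The incoming-request steps 2, 4 and 5 from the comment above, as an added Python example that is not code from the boost project or from the commenter. It assumes the "secret-validated" Authorization JWT is HS256-signed with the configured secret; the claim names `domain` and `app_id`, all function names and the sample values are hypothetical, and the returned dict stands in for the attributes that would feed the XACML request.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token (helper for trying the check out)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    signing_input = enc({"alg": alg, "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

def verify_hs256(token, secret, now=None):
    """Return the claims of an HS256-signed JWT or raise ValueError."""
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError unless 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm so "none" or any unexpected alg is never accepted.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (head_b64 + "." + body_b64).encode(), hashlib.sha256).digest()
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    return claims

def xacml_inputs(header_issuer, daps_claims, auth_token, secret, verb, path, now=None):
    """Steps 2, 4 and 5: issuer match, Authorization JWT check, XACML inputs."""
    # daps_claims is assumed to come from an already validated DAPS JWT.
    if not header_issuer or header_issuer != daps_claims.get("iss"):
        raise ValueError("header issuer does not match DAPS JWT issuer")
    auth = verify_hs256(auth_token, secret, now)
    # "domain" and "app_id" are assumed claim names; the issue does not give them.
    missing = [k for k in ("domain", "app_id") if not auth.get(k)]
    if missing:
        raise ValueError("Authorization JWT lacks " + ", ".join(missing))
    return {"issuer": header_issuer, "domain": auth["domain"],
            "app_id": auth["app_id"], "verb": verb, "path": path}
```
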

c0c0n3 commented 4 years ago

adding @gboege's great visual explanation too:

https://docs.google.com/document/d/1U0kcHuqVapm8_S4El-a9vgzAWbt8PypiN95zlKYpoXw

gboege commented 4 years ago

Please note the following for the attached demo XACML Request:

Important:

4b XACML Complete Request.txt

c0c0n3 commented 4 years ago

closed by #39