I'm working on securing a FIWARE system (Orion, Quantum Leap) using Keyrock, Wilma, and AuthZForce. My goal is to implement fine-grained access control based on FIWARE services.
Each entity in our system belongs to a service, identified by the Fiware-Service header. I want to restrict access to these services based on user roles:
User1: Can only access fiwareservice1
User2: Can access fiwareservice2 and fiwareservice3
User3: Can access all services
I'm struggling to create appropriate XACML policies in AuthZForce to enforce these rules. Has anyone successfully implemented a similar setup?
I'm open to suggestions if this approach is not ideal or if there are alternative methods for managing service-based access control in FIWARE.
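As an added example (not from the original post or from the FIWARE projects), here is one way to express the three rules above as an XACML 3.0 PolicySet of the kind AuthZForce evaluates. It assumes three Keyrock role names (`service1-user`, `services23-user`, `all-services-user`, all hypothetical), assumes the role arrives in the standard RBAC-profile subject attribute `urn:oasis:names:tc:xacml:2.0:subject:role`, and assumes the PEP forwards the value of the Fiware-Service header as a resource attribute with the hypothetical id `urn:example:fiware:resource:fiware-service`. That last attribute is the part to verify: whatever PEP you use must actually put the header into the XACML request, otherwise every rule below that depends on it simply never matches.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example policy; role names and the fiware-service attribute id are assumptions. -->
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
           PolicySetId="fiware-service-access"
           Version="1.0"
           PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
  <Description>Per-role access to FIWARE services (Fiware-Service header)</Description>
  <Target/>

  <Policy PolicyId="service-by-role" Version="1.0"
          RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
    <Target/>

    <!-- Role service1-user: only fiwareservice1 -->
    <Rule RuleId="service1-user-can-access-fiwareservice1" Effect="Permit">
      <Target>
        <AnyOf>
          <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">service1-user</AttributeValue>
              <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                   AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
                                   DataType="http://www.w3.org/2001/XMLSchema#string"
                                   MustBePresent="false"/>
            </Match>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">fiwareservice1</AttributeValue>
              <!-- Assumed custom attribute: the PEP must copy the Fiware-Service header here -->
              <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                   AttributeId="urn:example:fiware:resource:fiware-service"
                                   DataType="http://www.w3.org/2001/XMLSchema#string"
                                   MustBePresent="false"/>
            </Match>
          </AllOf>
        </AnyOf>
      </Target>
    </Rule>

    <!-- Role services23-user: fiwareservice2 or fiwareservice3 (set membership in a Condition) -->
    <Rule RuleId="services23-user-can-access-fiwareservice2-or-3" Effect="Permit">
      <Target>
        <AnyOf>
          <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">services23-user</AttributeValue>
              <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                   AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
                                   DataType="http://www.w3.org/2001/XMLSchema#string"
                                   MustBePresent="false"/>
            </Match>
          </AllOf>
        </AnyOf>
      </Target>
      <Condition>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                               AttributeId="urn:example:fiware:resource:fiware-service"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="false"/>
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">fiwareservice2</AttributeValue>
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">fiwareservice3</AttributeValue>
          </Apply>
        </Apply>
      </Condition>
    </Rule>

    <!-- Role all-services-user: any service, so no service constraint at all -->
    <Rule RuleId="all-services-user-can-access-any-service" Effect="Permit">
      <Target>
        <AnyOf>
          <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">all-services-user</AttributeValue>
              <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                   AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
                                   DataType="http://www.w3.org/2001/XMLSchema#string"
                                   MustBePresent="false"/>
            </Match>
          </AllOf>
        </AnyOf>
      </Target>
    </Rule>
  </Policy>
</PolicySet>
```

Two design points worth checking in your own deployment. First, both combining algorithms are deny-unless-permit, so a request carrying an unknown role, no role, or no Fiware-Service value falls through every rule and is denied rather than returning NotApplicable to the PEP. Second, every designator uses MustBePresent="false": if the PEP omits the service attribute, the match is simply false and the outcome is Deny, whereas MustBePresent="true" would produce Indeterminate, which some PEPs handle differently from a clean Deny. If you later also need to scope by Fiware-ServicePath, it is the same pattern with a second assumed resource attribute.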