When testing your ABAC (Attribute Based Access Control) or PBAC (Policy Based Access Control) vendor solutions, you have or will have a few items to consider, the chief one being: will what we have bought or built suit our needs?
As was stated in an earlier blog entry, there are quite a few vendors to start looking at in the ABAC field, including Axiomatics, Bitkoo, Oracle, CA, Jericho Systems, Vordel, Cisco, Siemens, Epok, Layer 7, Quest, Pericore, NextLabs and IBM.
But for today’s entry I wanted to throw out a few tools I have worked with to test the messaging between the PEP (Policy Enforcement Point), the PDP/PDS (Policy Decision Point/Service), the Attribute Stores and the Policy Services.
I realize a quick list only scratches the testing surface, as fully defined test cases building off of both operational and system requirements are a necessity, but I wanted to highlight a few tools and their basic functionality for those about to go down this path. Feel free to sound off below and add your own tools and test mechanisms. I might just update the entry to reflect them.
| Tool | Description |
| --- | --- |
| Parasoft SOATest | |
| Parasoft Load Test | Verifies application performance and functionality under heavy load. Existing end-to-end functional tests are leveraged for load testing, removing the barrier to comprehensive and continuous performance monitoring. |
| TCPMon | Used to monitor traffic on TCP connections |
| Wireshark | Used as a network protocol analyzer for Unix and Windows |
| soapUI | Used to conduct functional testing of Web Services including SOAP and REST |
| NMAP | Used to capture IP packets to determine what services (application name and version) the vendor applications are utilizing |
| NCES CTK | Used for testing coverage for the service request and the service response within NCES |
The long and short of it is that you want to have the ability to test SOAP, SAML and, most importantly, XACML messaging within your solution.
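One way to script the XACML part of such a test, as an added example that is not from the original post or from any vendor's product: it builds a PEP request and checks how a deny-biased PEP should enforce the PDP's reply. It assumes the XACML 3.0 XML schema; the function names are hypothetical and the PDP replies are constructed test input.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  # assumed version: XACML 3.0
NS = {"x": XACML}
STRING = "http://www.w3.org/2001/XMLSchema#string"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"

def q(tag):
    """Qualify a tag name with the XACML namespace for ElementTree."""
    return f"{{{XACML}}}{tag}"

def build_request(attributes):
    """Serialize {category: {attribute_id: value}} as a XACML 3.0 <Request>."""
    req = ET.Element(q("Request"),
                     {"ReturnPolicyIdList": "false", "CombinedDecision": "false"})
    for category, attrs in attributes.items():
        group = ET.SubElement(req, q("Attributes"), {"Category": category})
        for attr_id, value in attrs.items():
            attr = ET.SubElement(group, q("Attribute"),
                                 {"AttributeId": attr_id, "IncludeInResult": "false"})
            ET.SubElement(attr, q("AttributeValue"), {"DataType": STRING}).text = value
    return ET.tostring(req, encoding="unicode")

def pep_decision(response_xml):
    """Return (allow, decision) as a deny-biased PEP would enforce the reply."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False, "Indeterminate"      # unparseable reply: fail closed
    results = root.findall("x:Result", NS)
    if root.tag != q("Response") or len(results) != 1:
        return False, "Indeterminate"      # wrong envelope or ambiguous result count
    result = results[0]
    decision = (result.findtext("x:Decision", "", NS) or "").strip()
    status = result.find("x:Status/x:StatusCode", NS)
    status_ok = status is None or status.get("Value") == STATUS_OK
    # This harness discharges no obligations, so a Permit carrying any is not honoured.
    has_obligations = result.find("x:Obligations", NS) is not None
    allow = decision == "Permit" and status_ok and not has_obligations
    return allow, decision or "Indeterminate"

def response(decision, status=STATUS_OK, extra=""):
    """Constructed PDP reply used as test input (not captured from a real product)."""
    return (f'<Response xmlns="{XACML}"><Result><Decision>{decision}</Decision>'
            f'<Status><StatusCode Value="{status}"/></Status>{extra}</Result></Response>')

if __name__ == "__main__":
    for d in ("Permit", "Deny", "NotApplicable", "Indeterminate"):
        print(d, pep_decision(response(d)))
```

The same checks can be pointed at replies captured with the tools in the table by passing the captured XML body to `pep_decision`.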