Cloud scenarios

Data shared on the ground or in the cloud needs authorization services with delegation capabilities

Avoiding data leakage from your cloud services

Operating environments owned and managed by an entity other than the information owner, be it an outsourcing partner or a service provider in the cloud, often become the information security manager's nightmare. Data processing resources can be outsourced, but liability for information security and privacy always remains with the information owner.

Axiomatics offers solutions based on XACML 3.0, with flexible delegation of administrative privileges ideally suited to meet the needs of modern federated environments. Cloud computing is a new term for an established phenomenon. Services hosted by external partners are already well-known to IT managers. Yet, cloud computing does imply an escalation in terms of service distribution via virtualization of data processing and storage. Access management is certainly not less complex.

In these new environments, many organizations have tried to resolve their access management issues by means of federation. However, federated identities only address issues with regard to authentication. To handle access permissions within the service provided, delegation of authorization management privileges must also be achieved.

Service providers typically do not want to manage their client users' authorizations and, even if they are willing, the service provider may not be trusted. At the same time, confidentiality and integrity requirements would be severely violated if other clients were able to impact the authorization policies controlling user access. A hierarchy of authorization management can help resolve difficult management tasks by delegating management authority to the proper information owner entity.

Hence, with delegation of administrative access control privileges, Axiomatics XACML 3.0-based solutions offer robust authorization services well suited to operating environments where multiple information owners share services for data processing and storage, or possibly even for mutual data exchange. Using solutions based on XACML 3.0 and Attribute-Based Access Control (ABAC), a service provider can configure the overall and general authorization schemes and then delegate administrative privileges to the respective data owners within the realm of their respective data processing needs.
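The delegation hierarchy described above can be sketched as a simplified Python model: an access policy counts only if its issuer can be traced, through delegations scoped to the same tenant, back to the provider's trusted root. This is an added example, not Axiomatics code and not XACML policy syntax; the issuer names, tenants, roles and the deny-by-default result are assumptions constructed for illustration.

```python
from dataclasses import dataclass

TRUSTED_ROOT = "provider-root"  # assumption: the service provider's trusted policy issuer

@dataclass(frozen=True)
class AdminPolicy:   # issuer delegates policy administration for one tenant's data
    issuer: str
    delegate: str
    tenant: str

@dataclass(frozen=True)
class AccessPolicy:  # issuer permits users holding `role` to perform `action` on tenant data
    issuer: str
    tenant: str
    role: str
    action: str

def issuer_authorized(issuer, tenant, admin_policies, seen=frozenset()):
    """True if a delegation chain for `tenant` links `issuer` back to the trusted root."""
    if issuer == TRUSTED_ROOT:
        return True
    if issuer in seen:  # delegation cycle that never reaches the root
        return False
    return any(
        ap.delegate == issuer and ap.tenant == tenant
        and issuer_authorized(ap.issuer, tenant, admin_policies, seen | {issuer})
        for ap in admin_policies
    )

def decide(request, access_policies, admin_policies):
    """Permit only if a matching policy was written by an authorized issuer."""
    for p in access_policies:
        matches = (p.tenant == request["tenant"] and p.action == request["action"]
                   and p.role in request["roles"])
        if matches and issuer_authorized(p.issuer, p.tenant, admin_policies):
            return "Permit"
    return "Deny"  # assumption: the enforcement point denies by default

# Constructed sample data: the provider delegates per tenant; acme-admin delegates further.
ADMIN = [
    AdminPolicy("provider-root", "acme-admin", "acme"),
    AdminPolicy("provider-root", "globex-admin", "globex"),
    AdminPolicy("acme-admin", "acme-hr-lead", "acme"),
]
ACCESS = [
    AccessPolicy("acme-admin", "acme", "analyst", "read"),
    AccessPolicy("acme-hr-lead", "acme", "hr", "write"),
    AccessPolicy("globex-admin", "acme", "contractor", "read"),  # no chain for acme: ignored
]
```

The third access policy is never honoured: `globex-admin` holds a delegation for `globex` only, so a policy it writes about `acme` data has no valid chain to the root.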

Read more

100% pure XACML
XACML is the standards language that enables enterprises to implement policy-based authorization. Products from Axiomatics implement XACML 2.0 and 3.0. This article describes the details of the OASIS standard.

eXtensible authorization
Extensible authorization is the common name for Axiomatics products and technologies.

Externalized authorization
Externalizing authorization from applications reduces development costs while enabling risk intelligent authorization.

ABAC Beyond RBAC
Access controls have in the past predominantly been managed with a static, antiquated model, namely RBAC (Role-Based Access Control). The time has come to look beyond this and use a dynamic, intelligent model. It's time for ABAC (Attribute-Based Access Control).

Attribute-Based Access Control (ABAC)
Attribute-Based Access Control (ABAC) uses attributes as building blocks in a structured language that defines access control rules and describes access requests.

Analysis and further reading

To get more in-depth information on fine-grained, context-aware access control, visit our resource centre. Once you have registered and logged on, you can access all our whitepapers.
