Data shared on the ground or in the cloud needs authorization services with delegation capabilities
Avoiding data leakage from your cloud services
Operating environments owned and managed by an entity other than the information owner, be it an outsourcing partner or a service provider in the cloud, often become the information security manager's nightmare. Data processing resources can be outsourced, but liability of information security and privacy always remain with the information owner.
Axiomatics offers solutions based on XACML 3.0, with flexible delegation of administrative privileges ideally suited to meet the needs of modern federated environments. Cloud computing is a new term for an established phenomenon. Services hosted by external partners are already well-known to IT managers. Yet, cloud computing does imply an escalation in terms of service distribution via virtualization of data processing and storage. Access management is certainly not less complex.
In these new environments, many organizations have tried to resolve their access management issues by means of federation. However, federated identities only address issues with regard to authentication. To handle access permissions within the service provided, delegation of authorization management privileges must also be achieved.
Service providers typically do not want to manage their client users' authorizations and moreover, even if they are willing, the service provider may not be trusted. At the same time, confidentiality and integrity requirements would be severely violated if other clients were able to impact the authorization policies controlling user access. A hierarchy of authorization management can help resolve difficult management tasks by delegating management authority to the proper information owner entity.
Hence, with delegation of administrative access control privileges, Axiomatics XACML 3.0 based solutions offer robust authorization services well suited to meet the needs in operating environments where multiple information owners share services for data processing and storage, or possibly even for mutual data exchange. Using solutions based on XACML 3.0 and Attribute-Based Access Control (ABAC), a service provider can configure the overall and general authorization schemes and then delegate administrative privileges to the respective data owners within the realm of their respective data processing needs.