Entitlement Management

Application developers and vendors implementing future-proof access control

A large ERP software developer recently made a thorough review and concluded that more than 20% of development and code maintenance costs were related to Identity & Access Management (IAM) issues. Using products and services from Axiomatics, application developers and OEM partners can reduce development costs while enhancing their value propositions to customers and information owners.

The size of such efforts becomes difficult to defend, particularly in environments where business applications need to collaborate to meet customer requirements. Any vendor using proprietary access control models (regardless of their quality) runs the risk of failing to meet customer expectations simply because its access management mechanisms hinder efficient inter-operation between systems at a customer site.

Therefore, application vendors have a lot to gain from utilizing an industry standard such as XACML. Many application developers have implemented XACML support in the form of handling XACML request-response in one way or another.

We recommend a more thorough and consistent use of the new standard, i.e. utilizing standards-based access request-response queries in addition to externalized policy modelling. Filtering each and every access request through a Policy Enforcement Point (PEP), which intelligently handles the interaction with a Policy Decision Point (PDP) as a base component within the application's business logic, offers a number of benefits:

  • Simplified business logic, freed from business rules relating to authorization. Rules that vary from customer to customer and within an organization itself can be externalized and handed over from an IT department to business management.
  • Cost savings from reduced code development and maintenance as the developers do not need to design and develop proprietary access control solutions.
  • Customer satisfaction improves as interoperability and integration capabilities are improved.
  • Faster deployment as policy modelling can be handled externally to the application rather than requiring customization or complex configuration management.
  • Improved auditability as all access requests can be recorded in one central audit log.
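
The PEP/PDP split described above, as an added sketch that is not Axiomatics code and not XACML syntax: the rule format, attribute names and function names are assumptions made for illustration, and the rules are combined with a simplified deny-overrides. Only the four decision values (Permit, Deny, NotApplicable, Indeterminate) are taken from XACML.

```python
import json

# Constructed policy, kept as data outside the business logic.
POLICY = json.loads("""[
 {"effect": "Permit", "match": {"action": "read", "subject.role": "clerk"}},
 {"effect": "Permit", "match": {"action": "approve", "subject.role": "manager"},
  "same": ["subject.department", "resource.department"]},
 {"effect": "Deny", "match": {"action": "approve"},
  "same": ["subject.id", "resource.author"]}
]""")

AUDIT_LOG = []  # stands in for the central audit log

def pdp_decide(request, policy=POLICY):
    """PDP: evaluate every rule; any matching Deny overrides a Permit."""
    decision = "NotApplicable"
    for rule in policy:
        try:
            hit = all(request[k] == v for k, v in rule["match"].items())
            if hit and "same" in rule:
                a, b = rule["same"]
                hit = request[a] == request[b]
        except KeyError:
            return "Indeterminate"  # an attribute the rule needs is missing
        if hit and rule["effect"] == "Deny":
            return "Deny"
        if hit:
            decision = "Permit"
    return decision

def pep_enforce(request, operation):
    """PEP: ask the PDP, record the decision, run the operation only on Permit."""
    decision = pdp_decide(request)
    AUDIT_LOG.append({"request": request, "decision": decision})
    if decision != "Permit":  # NotApplicable and Indeterminate fail closed
        raise PermissionError(decision)
    return operation()
```

The business operation passed to `pep_enforce` contains no authorization logic of its own; changing who may approve an invoice means editing the policy data, not the application.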

Application developers and vendors (OEM partners) that integrate the Axiomatics Policy Server with their own software deliverables appreciate the fact that compliance audits of their deliveries are simplified while they reduce their code maintenance costs and their need to maintain separate code branches for customized versions.