Effective corporate governance depends on management's ability to achieve accountability in execution aligned with business objectives. Key to this is a dynamic access control solution, such as eXtensible authorization from Axiomatics. Unlike static authorization models, it utilizes centrally maintained policies that translate business rules and legal or regulatory requirements into directives which are consistently enforced within controlled IT systems.
Consistent policy enforcement
From a governance perspective, the most important difference between dynamic and eXtensible authorization and earlier static authorization models, such as Role-Based Access Control (RBAC), is that eXtensible authorization is policy-based.
The policy structure of an XACML implementation can be layered, with policies relating to different mandates grouped together. In current models, introducing a new access control policy into an existing infrastructure requires the configurations of multiple systems to be aligned with the requirements of the new mandate. After a shift to eXternalized authorization, compliance with new policy mandates is achieved simply by managing the centralized policies that are enforced across multiple applications.