Today's consumers are use to everything being a few clicks away. Not surprisingly, they expect the same from all other services, including private banking, insurance, health care and government. This is now achievable with eXtensible authorization, which simplifies secure information sharing and supports corresponding new business models.
Fast deployment of new secure online services
Software developers always have a set of "non-functional requirements" to meet in addition to the actual functions they are expected to deliver. "Non-functional" does not mean that they do not have a function, in fact quite the opposite. Access control, for instance, is "non-functional" and without it a new service will undoubtedly fail.
To date, authorization logic has been predominantly built into each and every application, adding complexity and potential cause for errors. Software development lifecycles typically include analysis, design, implementation, testing, release, and deployment phases. Naturally, depending on the development model, iterations through these phases will differ. However, regardless of the model, research, such as the one shown below, has clearly shown that the later a correction or change is implemented, the more difficult and costly it becomes.
[GRAPH - cf http://www.microsoft.com/security/sdl/assets/images/benefits_reducecost_01.jpg]
A recent Microsoft sponsored Forrester Consulting report [LINK ]estimated the cost of change or error correction increases for each of these phases with a factor of five, ten, and fifteen respectively. In the final post-release or production phase, change efforts are 30 times more costly than changes captured prior to this.
Access control requirements are often likely to change throughout development life cycles and production phases. New regulatory requirements typically include access control aspects that need to be catered for with designated systems in production. These changes are generally cumbersome as the authorization algorithm is usually "hard-coded" into the application logic.
Extensible authorization externalizes all of the authorization logic from the application. It simplifies all software development phases since Policy Enforcement Point components are reused over and over again. But more importantly, it allows changes to be made to the access control logic even in a post-release phase of software life cycles â€“ the phase with a 30x cost increase â€“ without any changes being made in the actual application code.
Furthermore, information that was not previously available, as it required fine-grained authorization capabilities, can now be managed and used to drive new business opportunities.
The result: faster, less expensive, and more secure deployment of new applications and services, including those that manage online transactions and/or highly sensitive data.