Today's consumers are used to everything being a few clicks away. Not surprisingly, they expect the same from all other services, including private banking, insurance, health care and government. This is now achievable with eXtensible authorization, which simplifies secure information sharing and supports corresponding new business models.

Fast deployment of new secure online services

Software developers always have a set of "non-functional requirements" to meet in addition to the actual functions they are expected to deliver. "Non-functional" does not mean that they do not have a function, in fact quite the opposite. Access control, for instance, is "non-functional" and without it a new service will undoubtedly fail.

To date, authorization logic has predominantly been built into each and every application, adding complexity and a potential source of errors. Software development lifecycles typically include analysis, design, implementation, testing, release, and deployment phases. Naturally, depending on the development model, iterations through these phases will differ. However, regardless of the model, research such as that shown below has clearly shown that the later a correction or change is implemented, the more difficult and costly it becomes.

[GRAPH - cf http://www.microsoft.com/security/sdl/assets/images/benefits_reducecost_01.jpg]

A recent Microsoft-sponsored Forrester Consulting report [LINK] estimated that the cost of change or error correction increases for each of these phases by a factor of five, ten, and fifteen respectively. In the final post-release or production phase, change efforts are 30 times more costly than changes captured prior to this.

Access control requirements are often likely to change throughout development life cycles and production phases. New regulatory requirements typically include access control aspects that need to be catered for with designated systems in production. These changes are generally cumbersome as the authorization algorithm is usually "hard-coded" into the application logic.

Extensible authorization externalizes all of the authorization logic from the application. It simplifies all software development phases since Policy Enforcement Point components are reused over and over again. But more importantly, it allows changes to be made to the access control logic even in a post-release phase of software life cycles – the phase with a 30x cost increase – without any changes being made in the actual application code.
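The separation described above, as an added sketch that is not Axiomatics code: a reusable enforcement point asks a decision point, and a post-release rule change replaces only the policy while `read_record` stays untouched. All names and the rule format are hypothetical, and the rules are a simplified stand-in for XACML rather than XACML itself.

```python
# Added illustration. Pdp, pep_check and the rule format are hypothetical
# names; the rules are a simplified stand-in for XACML, not XACML itself.

class Pdp:
    """Policy Decision Point: evaluates rules that live outside the app."""
    def __init__(self, rules):
        self.rules = rules

    def decide(self, request):
        # First matching rule wins; no match means Deny (default-deny).
        for effect, conditions in self.rules:
            if all(cond(request) for cond in conditions):
                return effect
        return "Deny"

def pep_check(pdp, subject, action, resource):
    """Policy Enforcement Point: the only authorization call in the app."""
    request = {"subject": subject, "action": action, "resource": resource}
    if pdp.decide(request) != "Permit":
        raise PermissionError(f"{action} denied for {subject['id']}")

def read_record(pdp, user, record):
    """Application code: identical before and after the policy change."""
    pep_check(pdp, user, "read", record)
    return record["body"]

# Policy v1 (constructed): clinicians read records of their own department.
POLICY_V1 = [
    ("Permit", [
        lambda r: r["action"] == "read",
        lambda r: r["subject"]["role"] == "clinician",
        lambda r: r["subject"]["dept"] == r["resource"]["dept"],
    ]),
]

# Policy v2 (constructed): a post-release requirement adds a Deny rule for
# restricted records unless the patient has consented to this user.
POLICY_V2 = [
    ("Deny", [
        lambda r: r["resource"].get("restricted", False),
        lambda r: r["subject"]["id"] not in r["resource"].get("consented", ()),
    ]),
] + POLICY_V1

# Constructed sample attributes.
ALICE = {"id": "alice", "role": "clinician", "dept": "cardiology"}
BOB = {"id": "bob", "role": "clinician", "dept": "cardiology"}
RECORD = {"dept": "cardiology", "body": "ECG report", "restricted": True,
          "consented": ["bob"]}
```

Swapping `Pdp(POLICY_V1)` for `Pdp(POLICY_V2)` changes the outcome for `ALICE` on `RECORD` without any edit to `read_record` or `pep_check`.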

Furthermore, information that was not previously available, as it required fine-grained authorization capabilities, can now be managed and used to drive new business opportunities.

The result: faster, less expensive, and more secure deployment of new applications and services, including those that manage online transactions and/or highly sensitive data.


The XACML Value Proposition

Cost savings may not be your primary reason to look for standards-based and fine-grained access control. It is, however, a predominant side-effect. Once you achieve secure information sharing you also enable new business opportunities.

Standards-based solutions

Cloud, mobile computing, multiple user identities, etcetera, are all factors that, in the past, required an individual approach to access control. With XACML, standards-based authorization solutions can now encompass virtually any technology.

Trusted solutions provider

Axiomatics solutions can be found in use at leading global entities within finance, manufacturing, healthcare, and the public sector. Our trusted technology has been consecutively chosen for the world's largest XACML deployments.

Technology

Axiomatics is a driving force in authorization technology. The company's dedicated research hub boasts many of the world's leading experts in XACML, the standard that powers attribute-based access control (ABAC), while the Axiomatics CTO is the editor of the OASIS XACML 3.0 specification. Furthermore, Axiomatics was the first organization to attest complete XACML 3.0 specification conformance.

ABAC

Attribute-Based Access Control (ABAC) surpasses all previous authorization models. It provides easily scalable, dynamic, context-aware and risk-intelligent access control, essential for the modern enterprise.

Solutions

Axiomatics solutions deliver anywhere, any-depth access control across virtually any and every IT environment. They enable secure sharing of information across and within organizations' borders and boundaries and compliance with ever-evolving regulatory mandates, while promoting new business opportunities, reducing time-to-market and cutting IT development costs.

eXtensible Authorization

Axiomatics solutions bring together the benefits of standardization, through XACML, with the proven results of externalized authorization. This is more commonly known as eXtensible Authorization.