eXtensible authorization

XACML Introduction

The introduction course provides a comprehensive overview of XACML-based Entitlement Management. It covers the basic concepts of the XACML standard and its different versions, including the current 3.0 draft. The goal of the course is to give attendees a good understanding of XACML as a policy language and to help them envisage what new possibilities can be gained from using XACML.

The course is designed for IT-security managers and implementers who want a crash-course in XACML to assess its potential for their enterprise and applications.

The topics covered include:

  • The history of and the drivers behind the XACML standard
  • The basic architecture of an XACML-based entitlement management solution
  • Externalizing access control in relation to applications and services
  • How attribute-based access control supersedes earlier access control mechanisms such as RBAC
  • Basing access control decisions on attributes describing the subject, resource, action and environment
  • How fine-grained access control can be achieved and why it is required
  • How context-aware authorization schemes can be implemented
  • The structure of XACML policies
  • How XACML policies are evaluated and resolved
  • Examples of SOA scenarios including a business case for XACML
  • XACML and SAML
 
XACML Advanced

Our advanced XACML training course focuses mainly on hands-on exercises, in which the Axiomatics Policy Server is used to practice XACML policy creation, testing and debugging.

The course is intended for those working in IT security who will use XACML in their enterprise and need the skills to create and administer XACML policies.

The topics that will be covered include:

  • Using the Axiomatics Policy Administration Point for policy Life Cycle Management
    • Policy creation
    • Testing and debugging
    • Deployment
    • Evaluation
    • Retirement
  • In this course we cover core XACML functionality
    • Target matching
    • Policies and Policy sets
    • Rules
    • Conditions
    • Obligations
    • XPath expressions
    • Multiple resource profile
    • Delegation of administrative privileges in XACML 3.0
    • Creating trusted administrative policies
    • Creating delegated administrative policies
    • Creating delegated access policies