The IAM (R)evolution

Over the years, organizations’ Identity & Access Management (IAM) needs have changed considerably. In the past, requirements revolved around protecting business-critical assets by restricting access to them. Today, however, there has been a shift in corporate thinking. Organizations see the benefits and opportunities that can be gained from sharing assets and information across organizational borders securely and effectively. This leads to a pivotal change in access control strategies: from "need to know" level access controls to a "need to share" paradigm.

Existing IAM solutions often fail to meet the new requirements. They offer a static and coarse-grained set of access configurations, when today’s business processes demand a more dynamic and fine-grained approach. Not surprisingly, organizations are seeking to evolve their existing infrastructures while leveraging the investments they have made in the past. They want an infrastructure that offers faster and more efficient deployment of new services while enabling the organization to be more agile and responsive to change requests.

An efficient way to achieve this is by combining two relatively new IAM concepts: Federated Identity Management and Attribute Based Access Control (ABAC). Where the former typically makes use of the SAML standard, the latter ideally is based on XACML. Adherence to standards is yet another benefit, since most IAM solutions to date have been built on expensive proprietary technologies and protocols. The combination of these standards-based concepts is revolutionary in the sense that they use policies and a higher level of abstraction and logic to replace the static and coarse-grained access configurations of the past. However, from a business perspective they represent more of an evolution, since they enhance and broaden the capabilities of existing IAM infrastructures. The benefits are clear to see: