What is Entitlement Management?
Entitlement Management is a term used to define important aspects of Access Control procedures and technologies in modern IT infrastructures. The term is fairly new and not always used consistently.
Entitlement Management — a new access control paradigm
Axiomatics defines Entitlement Management as a policy-based approach to enterprise-wide access control. Our products support the following aspects of policy-based authorization:
- Access Policy Management - designing and maintaining access control policies
- Access Policy Enforcement - controlling access requests and enforcing access decisions in real-time
- Access Policy Auditing - reviewing and verifying the effectiveness and efficiency of access controls and policy compliance
Moreover, an entitlement management solution needs to meet the following requirements:
- Standards-based - ensuring interoperability between platforms, applications and organizations, i.e. no more proprietary solutions and vendor dependencies.
- External to applications - providing access control to other services and applications, lowering the cost of application development and enabling consistent and enterprise-wide access policies.
- Fine-grained - defining access policies in terms of attributes of subjects (users), resources and the environment in which access is requested. This approach goes beyond all the previous access control models, including Role-Based Access Control (RBAC).
- Context-aware - defining access policies not only to answer the question "who can do what on which resource?", but also "Why?", "When?", "Where?" and "How?". Rules and policies combining various attributes define the context for a permitted access.
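
The fine-grained and context-aware requirements above, as an added example that is not Axiomatics product code: a minimal policy decision function that evaluates subject, resource, action and environment attributes against rules, denies by default, and returns the matching rule ids for auditing. The policy format, attribute names, the deny-overrides combining choice and the sample request are all assumptions constructed for illustration.

```python
from datetime import time

# Constructed policy (assumed format): a rule applies when ALL its conditions hold.
POLICY = [
    {"id": "deny-confidential-from-external", "effect": "Deny",
     "when": [("environment.network", "eq", "external"),
              ("resource.classification", "eq", "confidential")]},
    {"id": "permit-own-dept-office-hours", "effect": "Permit",
     "when": [("action.id", "in", {"read", "update"}),
              ("subject.department", "eq_attr", "resource.department"),
              ("environment.time", "between", (time(8, 0), time(18, 0)))]},
]

def lookup(request, path):
    category, name = path.split(".")
    return request.get(category, {}).get(name)  # None when the attribute is missing

def holds(request, cond):
    path, op, arg = cond
    value = lookup(request, path)
    if value is None:            # missing attribute: the condition never holds
        return False
    if op == "eq":
        return value == arg
    if op == "in":
        return value in arg
    if op == "eq_attr":          # compare two attributes of the same request
        return value == lookup(request, arg)
    if op == "between":
        return arg[0] <= value <= arg[1]
    raise ValueError(f"unknown operator {op!r}")

def decide(request, policy=POLICY):
    """Return (decision, matched rule ids). Any Deny wins; no match means Deny."""
    matched = [r for r in policy if all(holds(request, c) for c in r["when"])]
    ids = [r["id"] for r in matched]          # kept for the audit trail
    if matched and all(r["effect"] == "Permit" for r in matched):
        return "Permit", ids
    return "Deny", ids

def sample(network="internal", at=time(10, 30), res_dept="finance", action="read"):
    """Constructed access request for a hypothetical user in the finance department."""
    return {"subject": {"id": "alice", "department": "finance"},
            "resource": {"department": res_dept, "classification": "confidential"},
            "action": {"id": action},
            "environment": {"network": network, "time": at}}

if __name__ == "__main__":
    for req in (sample(), sample(network="external"), sample(at=time(22, 0))):
        print(decide(req))
```

The same user and resource yield different decisions as the network or time of the request changes, which is what separates this model from a static role check.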

