Axiomatics’ solutions implement Attribute Based Access Control (ABAC). This means that, when processing an access control request, digital rules can be evaluated to consider the attributes of the requestor, the attributes of the requested resource, and the attributes of the environment. This
Is your business or agency preparing to migrate to cloud technologies in 2018? Or have you already adopted the cloud and are looking for ways to enhance cloud security and protect your company or agency resources? As organizations trend towards cloud environments, new challenges and opportunities
This Use Case, Federal Mission: Dissemination and Information Sharing using Attribute Based Access Control (ABAC), discusses how an ABAC model can be used to disseminate information between agencies widely and securely. By using a fine-grained ABAC implementation such as Axiomatics Policy Server
Background: When a policy is being evaluated in XACML 3.0 Policy Decision Points (PDP), Obligations and Advice elements will be ignored for “Indeterminate” and “Not Applicable” results. Only a “Permit” or “Deny” condition will result in an Obligation or Advice message being returned. This
The XACML standard provides a means of returning the reason for an access request denial through the use of the Obligations and Advice expressions, which were added in the 3.0 standard. A comprehensive explanation of Obligations and Advice can be found in our blog entry titled You are not obliged to
Scale the heights of enterprise access control: IT and security leaders in large organizations often find themselves standing at the foot of a daunting mountain. That mountain is a mandate from their leadership to “improve security,” “do a better job in protecting data,” and “improve
When authoring an access control policy, you may be creating a logical structure that calls for a negative expression. For example, you might be protecting a resource where access approval requires that the requestor not be a part-time employee. Negative Logic in XACML: In the natural language
The Abbreviated Language for Authorization (ALFA) is a pseudocode language used in the formulation of access control policies. ALFA maps directly into the eXtensible Access Control Markup Language (XACML) and contains the same structural elements as XACML (i.e. PolicySet, Policy, and Rule). The
This blog will look more closely at the scenarios where you want to evaluate an attribute on a particular target. First, let’s define a few XACML terms right from the start: An Attribute is defined as the “characteristic of a subject, resource, action or environment that may be referenced in