During Gartner’s recent IAM conference, I noticed an emerging conversation around the issues of API usage at the enterprise level. Enterprise adoption of APIs is viewed as an inevitable consequence of the ongoing digital transformation many IT professionals are managing. API stands for
This use case happens in many different industries, such as:
Banking: account management
Healthcare: medical record access
There are other types of delegation possible, e.g. a parent-child delegation. For instance, as a parent, I want access to my underage children’s medical records. This
Some examples of policies are:
Managers can view documents in their city
Users can edit documents they own
Each policy uses attributes. In the examples above, the policies use the following attributes:
A user’s role, e.g. manager
An action, e.g. view, edit
A resource type, e.g.
Break the Glass Scenario
By default, users have access only to what they need. Example authorization policy: doctors can view the medical records of their patients. Sometimes, though, in the case of an emergency, users need access to information they don't normally have access
Examples of policies can be:
Managers can view documents in their city
Users can edit documents they own
Each policy uses attributes. In the examples above, the policies use the following attributes:
A user’s role, e.g. manager
An action, e.g. view, edit
A resource type, e.g.
The Policy Enforcement Point (PEP) sends the Policy Decision Point (PDP) an authorization request. The PDP inspects the request and must return a decision. There are four possible decisions:
Permit
Deny
NotApplicable
Indeterminate
If operating correctly, the PDP must always return one of these 4 decisions. Permit and
Key Attributes and Derived Attributes
Key Attributes are the basis of a XACML request. PEPs can send any number of attributes to the PDP. At the very minimum, a PEP needs to send the "key" attributes, i.e. the user identity, the resource identity and type, and the action identity. This creates the minimal
XACML Targets
Targets are an easy way to define the scope of an authorization policy. Targets can be used in all three XACML structural elements (policy set, policy, or rule). Targets always follow an AND / OR / AND structure. For instance, with a target, it is simple to implement citizenship ==
Patient enablement / self-service
With respect to health care, a McKinsey report from late 2014 explains that health care IT is evolving at the same speed as other industries, and this will be no different in the future. McKinsey considers that more than 75% of all patients expect to use digital
As the web constantly evolves, so too do its foundations. Today, the web as we know it is built on web applications, web services, and APIs. This is a natural evolution from SOA (Service-Oriented Architecture) which was the foundation for a loosely coupled environment a decade ago. In SOA,