Spring takes away some of the great complexities of JEE and is a more light-weight and agile framework. It enables enterprise-level applications to be built with plain POJOs. But Spring also introduces dependency injection and inversion of control as important vehicles to help meet requirements
This is a joint post with Gunnar Peterson. Gunnar (@oneraindrop) is a Managing Principal at Arctec Group. He focuses on security architecture consulting and training. Experience includes Associate Editor for IEEE Security & Privacy Journal, a contributor to the DHS Build Security In portal on
David Brossard gave a presentation at the European Identity Conference OASIS workshop, where he looked at externalized authorization, attribute-based access control (ABAC) and XACML and how it can help implement privacy regulations. You can find the slides of the presentation
A quick post to summarize some developments and webinars that have taken place recently. Axiomatics has decided to make its domain-specific authorization language ALFA publicly available by donating it to the OASIS standards consortium as a XACML profile. More details can be found in our press
Implementation of the custom ClaimsAuthorizationManager The custom authorization manager should derive from ClaimsAuthorizationManager and the only method that must be implemented is CheckAccess. As a result, the simplest, minimal implementation looks like the following: To make things
This is the second in the series of blog posts that covers the basics of XACML. The previous post covered the XACML reference architecture, specifically looking at the flow of control across the various entities of the architecture (PEP, PDP, PIP, PRP, PAP). This post will cover the XACML policy
In this post we will dive deeper into the architecture of XACML, one of the core aspects of the standard. XACML stands for eXtensible Access Control Markup Language. It is the OASIS standard for fine-grained authorization management based on the concept of Attribute-based access control (ABAC),
The XACML standard covers three major parts: Reference Architecture: The standard proposes a reference architecture with commonly accepted names for the various entities involved in the architecture. Policy Language: The standard defines syntax for the language used to write access control rules and
(Short) Story of Access Control Access control can be thought of as a way to selectively restrict access to a specific resource. The actual process of obtaining access to the resource is known as authorization. Over the course of several decades, several models of access control systems have