David is the VP of Customer Relations for Axiomatics and oversees the successful deployment and integration of Axiomatics solutions on customer sites. David makes sure customers are satisfied with Axiomatics solutions.

How Using ABAC Can Improve API Security in 2017

During Gartner’s recent IAM conference, I noticed an emerging conversation around the issues of API usage at the enterprise level. Enterprise adoption of APIs is viewed as an inevitable consequence of the ongoing digital transformation many IT professionals are managing.

API stands for Application Programming Interface. APIs help developers create applications that communicate easily with other applications and services. They are the backbone of any application ecosystem, which is a huge part of the trend towards digital transformation. All of those applications talking to one another generate a huge amount of user data that enterprises need to be prepared to manage and secure.

Going on vacation, how can I implement delegation in XACML?

Delegating access: the proxy-delegate pattern

Sometimes, as users, we want to delegate access to our resources. For instance, an account manager may want to delegate access to their accounts to another account manager. This typically happens when the first account manager, Alice, is on vacation or unavailable, and she wants to make sure another manager, Bob, can handle her accounts.

How do I use the map function in XACML?

In XACML, what are Map functions?

The short answer: a map function applies or maps another function to a set of values.

Background

XACML, the eXtensible Access Control Markup Language, is an authorization language that implements Attribute Based Access Control (ABAC). As the name indicates, XACML uses attributes with a policy language to convey authorization statements.

How Can I Use Date in a XACML Policy?

When it comes to granting access, sometimes it’s not just about who you are. Sometimes it’s also about what you want to do, where, why, how, and when. In this blog we’ll focus on the when.

Breaking the Glass - Using XACML to Implement HIPAA Regulations

Good news everybody! Health records are now electronic. And have been for some time. This means better communication, better treatment, faster care, potentially cheaper care.

However, this means that information is more easily available to all, including the wrong individuals. This is where HIPAA and HL7 kick in. They provide a policy framework for privacy protection. And XACML is a great way to implement them.

In this blog we'll look at break-the-glass scenarios.

In XACML what is the StringOneAndOnly function?

XACML, the eXtensible Access Control Markup Language, is an authorization language that implements Attribute-Based Access Control (ABAC). As the name indicates, XACML uses attributes inside policies to convey authorization statements.

What Does NotApplicable Mean?

XACML is all about making decisions. At the core of the architecture lies the Policy Decision Point (PDP). It is configured with policies which all contain potential effects: Permit or Deny. A policy can grant or deny access.

Should the Policy Enforcement Point Send All Attributes Needed to Evaluate a Request?

Policy Enforcement Points (PEPs) are the pieces of the XACML / ABAC architecture that are responsible for protecting the requested resources. PEPs stop business flows, analyze them, create authorization requests from them, send the requests to the Policy Decision Point (PDP), and enforce the decision they receive back from the PDP. To do so, PEPs need to process and add attributes to a XACML request.

When Should I Use an XACML Condition?

Using Attributes to Scope XACML Policies

When writing policies in XACML, you will want to start using attributes to define when the policies apply. You can compare attributes to values by using attribute matches, e.g. citizenship == Norwegian. To do so, you have the choice of XACML targets and XACML conditions. Both targets and conditions let you define the scope of applicability of policies by using attributes.

Securing Access to PII and EHR in a digitized health care environment

We’re more connected than ever as the digital world continues to expand into every aspect of our daily lives. According to a recent government study, two billion people are currently connected to the internet and by 2016, this number will exceed 3 billion – almost half of the world’s population [1]. In many industries, we have come to expect an experience that is online or accessible via a mobile device - we want information and service immediately and expect “always-on” access to our accounts.
