Jonas is a part of the Axiomatics Sales team where he helps our customers become ABAC proficient.

What is the main difference between XACML 3.0 and XACML 2.0?

To Axiomatics prospects and customers, standardization, or standards compliance, is of great importance and often one of the deciding factors in choosing Axiomatics over “homegrown” or vendor proprietary products.

A standards-based product will, among other things, allow the customer to source software from multiple, standard-compliant vendors and to reduce the business risk or “vendor lock-in.” When it comes to Attribute Based Access Control (ABAC), the only applicable standard is eXtensible Access Control Markup Language (XACML). This is the standard to which an organization should require compliance when looking at solutions for Externalized Access Management (the term that Gartner now uses) / fine-grained access control / Attribute Based Access Control.

How can commercial off-the-shelf (COTS) applications be supported with XACML?

As a Sales Engineer, it’s not uncommon to meet with a customer - or a prospective customer - who, along with securing APIs, microservices and a web portal, would also like to secure some commercial off-the-shelf application (“COTS application” from here on). And why not? They see themselves shifting from the limitations of RBAC to the possibilities of ABAC, so the question makes sense. The challenge, of course, is that said COTS application isn’t built by your team, nor can you change its already compiled code. So what can be done about it?

How Can I Comment My Policies?

Writing access control policies is an iterative process: you write rules, test for expected results, restructure, amend with additional rules and scope, and retest. One app, two apps or many more, and the effort grows, whether you alone own the policy authoring process or scope has been delegated or shared across application and/or data owners. Using effective comments can help make sense of work in progress, simplify understanding of finished work and provide more of a snapshot view of policy content.

How Can I implement Access Control Lists (ACL) Using XACML Policies?

Let me first give you a short introduction to Access Control Lists (ACL). In software, an ACL is a list of permissions granted to subjects on an object, where the subject might be Bob or Alice and the object might be the vacation calendar. The ACL is (typically) attached to and administered on the object and (again: typically) each list entry contains a user or a group and a permitted action such as ‘read’. Simpler lists contain the user identity only, which means all actions are permitted.

Is It a Good Practice to Use SQL Views for Policy Information Points?

In order to better support the configuration of an Axiomatics solution (APS, ARQ, ADAF MD...), the Axiomatics Professional Services team suggests the use of a database view. To someone who is setting up an ABAC (Attribute Based Access Control) solution and who is not necessarily a database expert, this may create doubts or uncertainty: what is it, and is it a good practice to use SQL views for PIPs? In this week’s Q&A we are going to explain what a database view is, how it’s used by our products, and why it’s a good thing.

Does the JSON profile for XACML support MDP?

JSON, or JavaScript Object Notation, is a more lightweight and arguably easier-to-work-with format than XML, which is typically used in data exchange (e.g. request/response) between a Policy Enforcement Point (PEP) and a Policy Decision Point (PDP).

"What about mobile?"

When I first started in mobile security nearly ten years ago, 'mobile' was synonymous with laptops, the greatest security challenge was securing data at rest, and the solution was device encryption. Today, whether you are on a laptop, tablet or smartphone, chances are your device has out-of-the-box seamless disk encryption. Security has come a long way, with much of it commoditized, and the conversation has moved from a need to protect towards a growing need to securely share. It is in this changing context that Axiomatics is often consulted on the assumed unique authorization challenges of a mobile form factor.
