Matt has been in the access control industry since 2000, having worked at Netegrity, BEA Systems, Oracle and Symplified. At Axiomatics, Matt provides training, professional services, and customer support, specializing in API/microservices security, cloud integration and provisioning.

The Convergence of Personalization and Authorization

A founder of a former company said something to me as we closed the doors: “I wish I built a tiered subscription model at the start.” He went on to describe how many companies give up too much capability with their initial release; then, when the product becomes popular, they can’t grow or easily provide limited capability to potential prospects who only need a portion of what the company offers.

There is a niche of providers that offer personalization engines for e-commerce sites to help craft a shopping experience based on traits of the customer, such as geo-location, browsing history, and previous transaction history. E-commerce companies recognized long ago that it is not a one-size-fits-all world and that if the site knows you, you will engage more with the site.

If you compare personalization with authorization, you’ll find that it’s not that much different from a rules standpoint. Let’s take an example tiered subscription plan and model it. Our example will be a financial advisory service with online content. Let’s say the application owner wants to have four levels: Platinum, Gold, Silver and Bronze. Today, each subscription level gets access to different capabilities in the site:


Externalized Dynamic Authorization in a [Micro]Services World Pt. 3

Part 3: Microservices Authorization In-Depth

This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an API and/or microservices architecture that uses OAuth 2.0 flows and/or OpenID Connect (OIDC). Externalized Dynamic Authorization and OAuth 2.0 (and/or OIDC) are complementary technologies. Some of the naming can be confusing, however, as to what role each can and should play. The series is divided into multiple parts. This Primer provides some background on the standards involved in this series, including OAuth 2.0 (referred to as just OAuth from here on out) and OpenID Connect (OIDC). The eXtensible Access Control Markup Language (XACML) tutorial is available as well.


Externalized Dynamic Authorization in a [Micro]Services World Pt. 2

Part 2: OAuth Scopes May Not be Enough

This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an API and/or microservices architecture that uses OAuth 2.0 flows and/or OpenID Connect (OIDC). Externalized Dynamic Authorization and OAuth 2.0 (and/or OIDC) are complementary technologies. Some of the naming can be confusing, however, as to what role each can and should play. The series is divided into multiple parts. This Primer provides some background on the standards involved in this series, including OAuth 2.0 (referred to as just OAuth from here on out) and OpenID Connect (OIDC). The eXtensible Access Control Markup Language (XACML) tutorial is available as well.


Externalized Dynamic Authorization in a [Micro]Services World

Part 1: OAuth and OpenID Connect Come Together with Externalized Dynamic Authorization

This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an API and/or microservices architecture that uses OAuth 2.0 flows and/or OpenID Connect (OIDC). Externalized Dynamic Authorization and OAuth 2.0 (and/or OIDC) are complementary technologies. Some of the naming can be confusing, however, as to what role each can and should play. The series is divided into multiple parts. This Primer provides some background on the standards involved in this series, including OAuth 2.0 (referred to as just OAuth from here on out) and OpenID Connect (OIDC). The eXtensible Access Control Markup Language (XACML) tutorial is available as well.
