100% Pure XACML

X may mark the spot if you’re looking for treasure, but if you’re looking to protect something dear to you, such as your sensitive assets, X can also form part of your security program. That’s because X is the first letter in XACML, the OASIS standard language that authorization solutions from Axiomatics are based on. eXtensible Access Control Markup Language (XACML) offers a standardized way to achieve externalized and dynamic authorization. This means that authorization decisions are made by an authorization service at run-time, based on policies which determine what actions a user or service can perform on a given information asset and in a specific context.

Obligations and Advice in XACML part 2

In a previous blog post we discussed the use of XACML obligations and advice. I concluded the post with the cliffhanger:

An interesting use of advice is as a means to tell the PEP the reasons why a request has been denied; but to show you how this is done I would need to introduce you to the way the PDP calculates the advice for a decision.

Using JSON and REST profiles for external authorization

In this blog post we describe how the recent JSON and REST profiles of the XACML standard make it easier to use and to integrate with the externalized authorization services provided by the XACML Policy Decision Point (PDP).

You are not obliged to follow my advice: Obligations and Advice in XACML part 1

Imagine that you are designing a policy for your business, which happens to be a top-notch hospital, and bump into the following legal requirement:

A physician can access a medical record from one of her patients provided this access is reported to the patient

If you are familiar with XACML, much of this requirement would not be too difficult to structure and implement. The problem you may face starts with “provided...”.
