Are you looking for further clarification in working with XACML? This post originally appeared on Stack Overflow. Question: XACML allows us to specify <Target> tag in both <Policy> as well as in <Rule> tags. What I would like to understand is that: What is the
Protect What Matters Most: The Data -- Part 2, Data-Centric Security Welcome to Part 2, of Protect What Matters Most: The Data. You can find Part 1 here, if you didn't catch it. A while back, my colleague, Gerry Gebel, and I delivered a webinar on the very topic of data-centric authorization.
Protect What Matters Most: Fine-grained, Policy-based Authorization for your Data Introduction When I speak to customers about what Axiomatics does (fine-grained, externalized, policy-based access control), I tell them that historically access control was implemented within each and every app or
Most modern environments today handle large amounts of data. Typically the data is spread across different data sources such as relational databases or even a big data system or data lake. And within these massive data stores, therein lies data that is very sensitive and critical to
This Q+A originally appeared on Information Security Stack Exchange. Question: We are looking to implement Attribute-Based Access Control. While we are sold on the philosophy, there are two topics that seem to crop up: Will it lead to significant performance issues? Especially
Are you working with MERN (Mongo, Express, React-redux, Node) and Authorization? This Stack Overflow post details the question at hand, and then how to use dynamic authorization with MERN. It originally appeared on Stack Overflow. Question I am creating a MERN (Mongo, Express, React-redux, Node)
Today's blog post is a post from one of our partners, Gluu. The feature writer is Mike Schwartz. He has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a
Axiomatics Policy Server keeps evolving to meet the needs of our customers as they migrate resources to the cloud. Our latest update to the cloud-native Policy Decision Point (PDP) makes it compliant with the REST and JSON profiles version 1.1 of the XACML 3.0 standard (version 1.1 was published
How to solve the consistency problem of managing authorization of Single Page Application & .NET Core WebAPI? Question from Stack Overflow User Ishan Akin. We are currently developing a web application that has following architecture. A single page application based on
Introduction Extending the authorization capabilities of an API Gateway to use fine-grained dynamic authorization with the Axiomatics Policy Server is a common use case. There are several different aspects of authorization that are typically applied to API’s: Authorizing whether or not
