Attribute-based access control (ABAC) lets us define fine-grained authorization policies that typically take into account user attributes and resource attributes. Sometimes we may need time to express authorization constraints. For example: Only a supervisor can view the medical record of a
To Axiomatics prospects and customers, standardization, or standards compliance, is of great importance and often one of the deciding factors in choosing Axiomatics over “homegrown” or vendor proprietary products. A standards-based product will, among other things, allow the customer to source
When it comes to securing access to services and data, we see many different use cases and, with that, the enforcement of authorization rules at different layers in the IT stack. This spans all the way from the Web/Presentation tier down to the data tier as illustrated in Figure 1. Enforcing
As a Sales Engineer, it’s not uncommon to meet with a customer - or a prospective customer - who, along with securing APIs, microservices and a web portal, would also like to secure some commercial off-the-shelf application (“COTS application” from here on). And why not? They see themselves
The Abbreviated Language For Authorization (Wikipedia) or ALFA is a domain specific language used to express XACML authorization policies. It is by far much easier to work with than writing the raw XML. Depending on who you ask it is easier to understand and work with than UI tools. Currently there
The XACML standard provides a means of returning the reason for an access request denial through the use of the Obligations and Advice expressions, which were added in the 3.0 standard. A comprehensive explanation of Obligations and Advice can be found in our blog entry titledYou are not obliged to
