Question of the Week Archives - Axiomatics

Question of the Week

Question of the Week, Wednesday, 26 April 2017 / Wednesday, 20 September 2017, by Angelo Stroppa

How Can I Use Time in a XACML Policy?

Attribute-based access control (ABAC) lets us define fine-grained authorization policies that typically take into account user attributes and resource attributes. Sometimes we may need time to express authorization constraints. For example: Only a supervisor can view the medical record of a
Question of the Week, Thursday, 08 December 2016 / Thursday, 20 April 2017, by Jonas Markström

What is the main difference between XACML 3.0 and XACML 2.0?

To Axiomatics prospects and customers, standardization, or standards compliance, is of great importance and often one of the deciding factors in choosing Axiomatics over “homegrown” or vendor proprietary products. A standards-based product will, among other things, allow the customer to source
Question of the Week Tuesday, 25 October 2016 by Jonas Iggbom

How do I write authorization policies for Big Data?

When it comes to securing access to services and data, we see many different use cases and, with that, the enforcement of authorization rules at different layers in the IT stack. This spans all the way from the Web/Presentation tier down to the data tier as illustrated in Figure 1. Enforcing
Question of the Week Tuesday, 18 October 2016 by Jonas Markström

How can commercial off-the-shelf (COTS) applications be supported with XACML?

As a Sales Engineer, it’s not uncommon to meet with a customer - or a prospective customer - who, along with securing APIs, microservices and a web portal, would also like to secure some commercial off-the-shelf application (“COTS application” from here on). And why not? They see themselves
Question of the Week Monday, 10 October 2016 by Jonas Iggbom

How Can I Use Policy References in ALFA?

The Abbreviated Language For Authorization (Wikipedia), or ALFA, is a domain-specific language used to express XACML authorization policies. It is far easier to work with than writing the raw XML. Depending on who you ask, it is easier to understand and work with than UI tools. Currently there
Question of the Week Tuesday, 27 September 2016 by Brian Colaluca

How Can I Return the Reason for a Denial in a XACML Response?

The XACML standard provides a means of returning the reason for an access request denial through the use of the Obligations and Advice expressions, which were added in the 3.0 standard. A comprehensive explanation of Obligations and Advice can be found in our blog entry titled You are not obliged to
Question of the Week Wednesday, 21 September 2016 by Mark Berg

Why Does Retrieving Attribute Values from a Secure LDAP Slow Performance?

This week's question gets into a very specific XACML implementation detail but it is one that I encounter often so I thought this might be a good place to raise awareness. You are probably already aware that one of the key features of an Attribute Based Access Control system (ABAC) is the ability
Question of the Week, Thursday, 15 September 2016 / Tuesday, 25 April 2017, by Jonas Iggbom

Should I Define the Authorization Logic in the Policy or an External Datasource?

All (or most of) the logic in the policy: In this case we’re obviously talking about the XACML policy. This is an Attribute Based Access Control (ABAC) approach that leverages attributes and policies to make runtime authorization decisions. Defining the authorization logic in the policy itself
Question of the Week Thursday, 15 September 2016 by Jonas Iggbom

Should I Define the Authorization Logic in the Policy or an External Datasource?

There are different approaches to expressing authorization logic. What’s the best way? Unfortunately, it’s not as simple as a right or wrong way in this case. Let’s take a look at the pros and cons of the more typical approaches we see here at Axiomatics when we work with our
Question of the Week, Wednesday, 07 September 2016 / Monday, 26 August 2019, by Axiomatics

How Can I Use Date in a XACML Policy?

We have written in the past about using time in XACML policies. This can be useful when wanting to control access outside office hours for instance. Sometimes, we also want to use dates to achieve similar and complementary use cases. Using the Date Datatype in XACML The Date Datatype XACML