Question of the Week Archives - Axiomatics

Question of the Week

Question of the Week | Wednesday, 26 April 2017 / Wednesday, 20 September 2017 | by Angelo Stroppa

How Can I Use Time in a XACML Policy?

Attribute-based access control (ABAC) lets us define fine-grained authorization policies that typically take into account user attributes and resource attributes. Sometimes we may need time to express authorization constraints. For example: Only a supervisor can view the medical record of a
Question of the Week | Thursday, 08 December 2016 / Thursday, 20 April 2017 | by Jonas Markström

What is the main difference between XACML 3.0 and XACML 2.0?

To Axiomatics prospects and customers, standardization, or standards compliance, is of great importance and often one of the deciding factors in choosing Axiomatics over “homegrown” or vendor proprietary products. A standards-based product will, among other things, allow the customer to source
Question of the Week Tuesday, 25 October 2016 by Jonas Iggbom

How do I write authorization policies for Big Data?

When it comes to securing access to services and data, we see many different use cases and, with that, the enforcement of authorization rules at different layers in the IT stack. This spans all the way from the Web/Presentation tier down to the data tier as illustrated in Figure 1. Enforcing
Question of the Week Tuesday, 18 October 2016 by Jonas Markström

How can commercial off-the-shelf (COTS) applications be supported with XACML?

As a Sales Engineer, it’s not uncommon to meet with a customer - or a prospective customer - who, along with securing APIs, microservices and a web portal, would also like to secure some commercial off-the-shelf application (“COTS application” from here on). And why not? They see themselves
Question of the Week Monday, 10 October 2016 by Jonas Iggbom

How Can I Use Policy References in ALFA?

The Abbreviated Language For Authorization (Wikipedia) or ALFA is a domain specific language used to express XACML authorization policies. It is by far much easier to work with than writing the raw XML. Depending on who you ask it is easier to understand and work with than UI tools. Currently there
Question of the Week Tuesday, 27 September 2016 by Brian Colaluca

How Can I Return the Reason for a Denial in a XACML Response?

The XACML standard provides a means of returning the reason for an access request denial through the use of the Obligations and Advice expressions, which were added in the 3.0 standard. A comprehensive explanation of Obligations and Advice can be found in our blog entry titled You are not obliged to
Question of the Week Wednesday, 21 September 2016 by Mark Berg

Why Does Retrieving Attribute Values from a Secure LDAP Slow Performance?

This week's question gets into a very specific XACML implementation detail but it is one that I encounter often so I thought this might be a good place to raise awareness. You are probably already aware that one of the key features of an Attribute Based Access Control system (ABAC) is the ability
Question of the Week | Thursday, 15 September 2016 / Tuesday, 25 April 2017 | by Jonas Iggbom

Should I Define the Authorization Logic in the Policy or an External Datasource?

All (or most of) the logic in the policy In this case we’re obviously talking about the XACML policy. This is an Attribute Based Access Control (ABAC) approach that leverages attributes and policies to make runtime authorization decisions. Defining the authorization logic in the policy itself
Question of the Week Thursday, 15 September 2016 by Jonas Iggbom

Should I Define the Authorization Logic in the Policy or an External Datasource?

There are different approaches to expressing authorization logic. What’s the best way? It’s not as simple as the right or wrong way in this case unfortunately. Let’s take a look at the pros and cons of the more typical approaches we see here at Axiomatics when we work with our
Question of the Week | Wednesday, 07 September 2016 / Tuesday, 25 April 2017 | by Axiomatics

How Can I Use Date in a XACML Policy?

We have written in the past about using time in XACML policies. This can be useful when wanting to control access outside office hours for instance. Sometimes, we also want to use dates to achieve similar and complementary use cases. Using the Date Datatype in XACML The Date Datatype XACML