The Axiomatics technical teams across sales engineering, development and customer relations often engage with the Stack Overflow community to get insights and answers. They also contribute knowledge on access control and dynamic authorization. This question on access control models and ABAC vs.
Attribute-based access control (ABAC) lets us define fine-grained authorization policies that typically take into account user attributes and resource attributes. Sometimes we may need to use time to express authorization constraints. For example: Only a supervisor can view the medical record of a
X may mark the spot if you’re looking for treasure, but if you’re looking to protect something dear to you, such as your sensitive assets, X can also form part of your security program. That’s because X is the first letter in XACML, the OASIS standard language that authorization solutions
In a previous blog post we discussed the use of XACML obligations and advice. I concluded the post with the cliffhanger: An interesting use of advice is as a means to tell the PEP the reasons why a request has been denied; but to show you how this is done I would need to introduce you to the
In this blog post we describe how the recent JSON and REST profiles of the XACML standard make it easier to use and to integrate with the externalized authorization services provided by the XACML Policy Decision Point (PDP). What is XACML? The eXtensible Access Control Markup Language (XACML)
Imagine that you are designing a policy for your business, which happens to be a top-notch hospital, and bump into the following legal requirement: A physician can access a medical record from one of her patients provided this access is reported to the patient. If you are familiar with XACML,