Our experts at Axiomatics got together at the end of the year to take a look at the trends in store for 2017. Some of these may sound familiar, as the era of digital transformation continues to expand. But you'll find a common theme: Marty Leamy, our Americas President said it best, “This
Background We haven’t discussed combining algorithms much, but they are just one of the many powerful features of an XACML-based authorization system. You can think of combining algorithms as a way to assign weight to many partial answers to the same question. Let’s use a background
Big data is one of the “big” industry trends that is challenging enterprises these days, especially from a data security perspective. Thanks to the explosion of Big Data, the Internet of Things (IoT), and global mobilization, the way companies use, collect, store and process data has changed
The Abbreviated Language For Authorization (Wikipedia) or ALFA is a domain specific language used to express XACML authorization policies. It is by far much easier to work with than writing the raw XML. Depending on who you ask it is easier to understand and work with than UI tools. Currently there
The XACML standard provides a means of returning the reason for an access request denial through the use of the Obligations and Advice expressions, which were added in the 3.0 standard. A comprehensive explanation of Obligations and Advice can be found in our blog entry titledYou are not obliged to
This week's question gets into a very specific XACML implementation detail but it is one that I encounter often so I thought this might be a good place to raise awareness. You are probably already aware that one of the key features of an Attribute Based Access Control system (ABAC) is the ability
One of the great benefits of Attribute Based Access Control (ABAC) is that it can be as coarse or fine-grained as you need it to be. You start with two attributes: role and data, and you have Role Based Access Control (RBAC). But from there, it gets much more interesting, as you can add as few or
There are different approaches to expressing authorization logic. What’s the best way? It’s not as simple as the right or wrong way in this case unfortunately. Let’s take a look at the pro’s and con’s of the more typical approaches we see here at Axiomatics when we work with our
X may mark the spot if you’re looking for treasure, but if you’re looking to protect something dear to you, such as your sensitive assets, X can also form part of your security program. That’s because X is the first letter in XACML, the OASIS standard language that authorization solutions
Access Control has been around ever since there has been the need to protect valuable assets. Sentries were posted and moats were built. Still, history is littered with access breaches, many of which, such as the Trojan horse, have gone down in folklore. Comparably, data access control is still in