• Category: Access Control

A Fresh Look at Spring Security Access Control

Access Control
Today’s blog is a deep dive on various types of access control. I’ll be reviewing the differences between Expression-Based Access Control, Role Based Access Control...

Top Five Trends to Transform Enterprise Security in 2017

Access Control
Our experts at Axiomatics got together at the end of the year to take a look at the trends in store for 2017. Some of...

Externalized Dynamic Authorization in a [Micro]Services World Pt. 3

Access Control
Part 3: Microservices Authorization In-Depth This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an...

Externalized Dynamic Authorization in a [Micro]Services World Pt. 2

Access Control
Part 2: OAuth Scopes May Not be Enough This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic...

Externalized Dynamic Authorization in a [Micro]Services World

Access Control
Part 1: OAuth and OpenID Connect Come Together with Externalized Dynamic Authorization Want the fast track of dynamic authorization in a microservices world? Check out...

In XACML, what is a bag?

Access Control
Background Attribute Based Access Control (ABAC) leverages attributes in combination with a set of policies to determine authorization decisions. A request is sent from an...

How Big Data is Driving Evolution in Identity and Access Management

Access Control
What is Big Data and Why You Should Care In a previous post, I discussed some of the security challenges awaiting companies looking to leverage...

Why don’t I get Obligations or Advice back on Indeterminate or Not Applicable responses?

Access Control
Background When a policy is being evaluated in XACML 3.0 Policy Decision Points (PDP), Obligations and Advice elements will be ignored for “Indeterminate” and “Not...

Gartner’s IAM Summit: A Beginner’s Guide to Digital Transformation

Access Control
Axiomatics is heading to Gartner’s annual Identity and Access Management (IAM) Summit on November 29 at Caesar’s Palace in Las Vegas. By the time the event...

How can the permit-unless-deny combining algorithm be dangerous?

Access Control
Background We haven’t discussed combining algorithms much, but they are just one of the many powerful features of an XACML-based authorization system. You can think...

Security, Dynamic Authorization and the Big Data Landscape

Access Control
The big data landscape is, not surprisingly, big. Matt Turck’s excellent blog (mattturck.com) has good coverage on the development in this area and captures how...

Spring Security and Attribute-Based Access Control

Access Control
Spring Security, a project in the wider Spring framework, aims to provide an authentication and authorization framework around the core Spring. Having started its life...

Proving Access Control Compliance and Enabling Access Review Reporting

Access Control
In April 2016, Axiomatics introduced the Axiomatics Review Manager, a one-of-a-kind access review and reporting tool that can confirm policies are enforced and compliance is...

Axiomatics Review Manager: Advanced access audit reporting of sensitive data

Access Control
From its foundation, Axiomatics has been at the forefront of the authorization and access management technology movement. We have brought to market solutions that...

Access Control for HL7 and the Health Care industry

Access Control
Discover how a typical HL7 access control policy can be created using the Abbreviated Language for Authorization (ALFA) and what that would mean for your...

PEP SDK for Spring Security

Access Control
Earlier in the year we introduced the work we have been doing to provide our customers with an easy way to integrate the fine-grained, policy-based...

Integrating XACML into Spring Security

Access Control
Spring takes away some of the great complexities of JEE and is a more light-weight and agile framework. It enables enterprise-level applications to be built...

Advanced Dynamic Data Masking by Format Preserving Encryption

Access Control
This post explains how to apply fine-grained dynamic data masking using the Axiomatics Data Access Filter MD (for Multiple Databases), while minimizing changes to applications...

Getting OWASP Top 10 Right with Dynamic Authorization

Access Control
This is a joint post with Gunnar Peterson. Gunnar (@oneraindrop) is a Managing Principal at Arctec Group. He focuses on security architecture consulting and training....

Extending the XACML Specification

Access Control
The eXtensible Access Control Markup Language, or XACML, offers a standardized way to provide a granular and scalable authorization solution across the enterprise application board...

Authentication vs. Authorization – Part 3: Bringing it all together

Access Control
This is the third and final post of a series examining how authentication – in particular, federated identity and standards-based single sign-on (SSO) – and...

Authentication vs. Authorization – Part 2: SAML and OAuth

Access Control
This is the second post of a three-part series examining how authentication – in particular, federated identity and standards-based single sign-on (SSO) – and attribute...

Authentication vs. Authorization – Part 1: Federated Authentication

Access Control
This will be the first blog of a three-part series examining how authentication (auth’n) — in particular, federated identity and standards-based single sign-on (SSO) —...

Policy Information Point in Five Minutes

Access Control
This blog post intends to give a short but concise introduction to the Policy Information Point (PIP) in the XACML reference model, specifically its role...

Blimey! What’s Axiomatics Reverse Query?

Access Control
In the land of XACML, general access control queries are of the form “can user A read document D?” The Policy Enforcement Point (PEP) sends...

XACML Language Structure

Access Control
This is the second in the series of blog posts that covers the basics of XACML. The previous post covered the XACML reference architecture, specifically...

Challenges of ABAC: Access Reviews – Part 2

Access Control
In the previous blog post we reviewed the concept of access review and discussed how well access control models deal with it. Also, at the...

Challenges of ABAC: Access Reviews – Part 1

Access Control
This is a two-part blog post on the difficulties of doing access reviews with Attribute-Based Access Control (ABAC) and how to work around them. In...