Building an Effective API Security Framework Using ABAC

Today, information is shared like never before. Whether it’s for business or private purposes, people expect information to be readily available. APIs are a great way of achieving this, but that availability often comes at a cost, namely security.

One of the main concerns has always been authorization, or rather its limitations. There hasn’t been an authorization model that can handle data-rich APIs and the ever-changing demands of the IT environment. But that’s all changed now with Attribute-Based Access Control (ABAC). It delivers dynamic authorization that supports data-rich APIs within legacy systems, cloud, mobile, BYOD, etc.

In this webinar we will demonstrate the practicalities of building and implementing an API using ABAC.

We will present a real-world case study on integrating dynamic authorization, with the XACML-driven Axiomatics Policy Server, across multiple layers of a complex web services application architecture. This includes Layer 7, Spring Security, Oracle DB and CA Single Sign-On integration.

The webinar will cover:

  • API security framework
  • Sample XACML policies
  • A live demo


