Extending CA Single Sign-On with XACML Capabilities

The Axiomatics CA Validated extension for CA Single Sign-On leverages Single Sign-On’s existing authorization capabilities and allows users to implement risk-intelligent policies that adapt to an organization’s changing IT environment. When used in combination, the solutions enable organizations to implement data governance with standards-based policies that control SOA and WAM.

The CA Single Sign-On product is a market leader in Web Access Management (WAM). Compared to the first version from 1997, today’s CA Single Sign-On r12 platform is an extremely powerful and versatile tool for access control in web applications.

Yet, the basic concepts and product capabilities remain: to provide centralized administration for authentication and authorization to web applications.

Authorization is the one area that has evolved in recent years, and this is primarily where WAM tools such as CA Single Sign-On may need to be extended. Today, dynamic, Attribute Based Access Control (ABAC) is increasingly used to meet requirements for more precise data governance, regulatory compliance and risk-aware access controls. Governance domains may, for instance, demand that financial risks are considered (SOX, Basel, insolvency and money-laundering legislation, etc.) or that access is conditioned on the relation between the user and the data subject identified by the data retrieved (for instance under regulations in health care, such as HIPAA, and in the law enforcement and eGovernment sectors). Such use cases often cannot be managed with traditional access control models. This is where the XACML standard becomes increasingly important.

The Axiomatics Extension for CA Single Sign-On addresses this by injecting a Policy Enforcement Point (PEP) into the CA Single Sign-On Policy Server via the Single Sign-On Authorization API. The CA Single Sign-On infrastructure, with its various web agents, directory chaining, single sign-on and federation capabilities, can then be used to achieve fine-grained, dynamic attribute-based access control based on the XACML standard.
