Extending CA Single Sign-On with XACML Capabilities

The Axiomatics CA Validated extension for CA Single Sign-On leverages Single Sign-On’s existing authorization capabilities and allows users to implement risk-intelligent policies that adapt to an organization’s changing IT environment. When used in combination, the solutions enable organizations to implement data governance with standards-based policies that control SOA and WAM.

The CA Single Sign-On product is a market leader in Web Access Management (WAM). Compared to the first version from 1997, today’s CA Single Sign-On r12 platform is an extremely powerful and versatile tool for access control in web applications.

Yet, the basic concepts and product capabilities remain: to provide centralized administration for authentication and authorization to web applications.

The one area that has evolved in recent years is authorization, and this is primarily where WAM tools such as CA Single Sign-On may need to be extended. Today, dynamic and Attribute Based Access Control (ABAC) is increasingly used to meet requirements for more precise data governance, regulatory compliance and risk-aware access controls. Governance domains may, for instance, demand that financial risks are considered (SOX, Basel, insolvency, money laundering legislation, etc.) or that access is conditioned on the relation between the user and the data subject identified by the data retrieved (for instance, regulations in health care, such as HIPAA, and in the law enforcement and eGovernment sectors). Such use cases often cannot be managed with traditional access control models. This is where the XACML standard becomes increasingly important.

The Axiomatics Extension for CA Single Sign-On meets this need: it injects a Policy Enforcement Point (PEP) into the CA Single Sign-On Policy Server via the Single Sign-On Authorization API. The CA Single Sign-On infrastructure, with its various web agents, directory chaining, single sign-on and federation capabilities, can then be used to achieve fine-grained and dynamic attribute-based access control based on the XACML standard.



