From Static Roles to Dynamic Attribute-Based Authorization

This is a joint webinar together with analyst firm KuppingerCole.

The webinar is hosted on KuppingerCole’s website. 

Dynamic authorisation systems complement or replace the rigid role concepts through direct implementation of business-driven authorisation rules in the form of policies, and they make decisions about the access of employees, partners, and customers/clients in real time.

In the first part of this webinar, Matthias Reinwarth, senior analyst at KuppingerCole, will lay out the need for dynamic, fine-grained access rights in modern enterprises against traditional role-based access. Then, he will illustrate the evolving challenges and conceptual changes for companies on the way to dynamic authorisation at a glance.

In the second part, Gerry Gebel, President at Axiomatics Americas, will present an overview of the concepts and implementation of the Axiomatics Policy Server infrastructure as an exemplary implementation of a dynamic authorisation system and report on practical experiences gained from concrete projects with end customers.

Key takeaways:

  • Expressing your security requirements as dynamic rules (policies).
  • Defining necessary access rights based on the properties of identities.
  • Granting permission on the basis of well-defined rules that can be documented for audits and are thus legally conformant.
  • Proving an overview of the technical components that are necessary for modern attribute-based authorisation management.
  • Further development of your traditional role approach (RBAC) to a combined RBAC/ABAC or purely attribute-based (ABAC) approach, step by step.

Other Resources

The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.
Taking an identity-centric approach to a modern security architecture
Federal agencies invest heavily in protecting data from external threat actors, but the insider threat problem requires a new approach to access control. While protecting data is paramount, that requirement must be balanced with the need to share certain information across a variety of use case scenarios within and across agencies/departments.