From Static Roles to Dynamic Attribute-Based Authorization

This is a joint webinar together with analyst firm KuppingerCole.

The webinar is hosted on KuppingerCole’s website. 

Dynamic authorisation systems complement or replace the rigid role concepts through direct implementation of business-driven authorisation rules in the form of policies, and they make decisions about the access of employees, partners, and customers/clients in real time.

In the first part of this webinar, Matthias Reinwarth, senior analyst at KuppingerCole, will lay out the need for dynamic, fine-grained access rights in modern enterprises against traditional role-based access. Then, he will illustrate the evolving challenges and conceptual changes for companies on the way to dynamic authorisation at a glance.

In the second part, Gerry Gebel, President at Axiomatics Americas, will present an overview of the concepts and implementation of the Axiomatics Policy Server infrastructure as an exemplary implementation of a dynamic authorisation system and report on practical experiences gained from concrete projects with end customers.

Key takeaways:

  • Expressing your security requirements as dynamic rules (policies).
  • Defining necessary access rights based on the properties of identities.
  • Granting permission on the basis of well-defined rules that can be documented for audits and are thus legally conformant.
  • Proving an overview of the technical components that are necessary for modern attribute-based authorisation management.
  • Further development of your traditional role approach (RBAC) to a combined RBAC/ABAC or purely attribute-based (ABAC) approach, step by step.

Other Resources

Zero Trust Through Dynamic Authorization And Policy Driven Access
Join experts from KuppingerCole Analysts, Ericom and Axiomatics for an interactive discussion on the role of fine-grained access controls in adopting Zero Trust and how best to address that challenge to meet the needs of a hybrid workforce using cloud-based applications and adopting new ways of working, such as DevOps.
The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.