XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity protocols fight for your love"

In this panel hosted by Ian Glazer, my colleague Gerry Gebel introduces the audience to XACML and its latest developments including REST, JSON, and more developer-friendly initiatives.

  • SAML: so mature and prevalent that new alternatives are appearing. Simpler ways to deal with federation. XACML: where’s the rebellion? It is modernizing from within: REST profile, JSON request/response, and even a lightweight JSON-based policy notation (work by the TELECOMMUNICATIONS SOFTWARE & SYSTEMS GROUP – TSSG in Ireland).
  • Since we last spoke at Gartner in Dec. 2012, XACML 3.0 has finally become an official OASIS standard. It can be downloaded from the OASIS website (https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml).
  • Interop included: SOAP-based, REST-based, IP and EC profiles. Participants: Boeing, Oracle, ViewDS, Axiomatics.
  • EMC, Oracle, Axiomatics.
  • Protect APIs and services in one go with gateways, filters, firewalls… The same applies to databases and networks (IF-Map).
  • Direct relationships; indirect relationships; grant or deny a range of access; care relationship; hierarchies; proxy-delegate; 4-eye principle; SoD (negative relationship).
  • SAML can transport XACML. SAML can be used in XACML policies. SAML can carry attributes for XACML. SAML and XACML were designed from day 1 for separate and complementary functions.

Presentation Transcript

  • Is XACML a Classic? Gerry Gebel @ggebel
  • XACML 3.0 is approved. Who’s the XACML Technical Committee? 10 vendors, 5 end-user orgs, open source options.
  • RSA 2013 Interop. When will Catalyst host the next interop?
  • XACML is a standardized authorization language.
  • XACML enables centralized authorization.
  • XACML implements attribute-based access control. Check out the NIST Special Publication 800-162 on ABAC.
  • XACML is a policy-based access control language.
  • The XACML language & architecture is eXtensible.
  • XACML allows for fine-grained authorization scenarios.
  • Does this XML make me look fat? <xml/>
  • XACML JSON Profile: 84% smaller. [Chart: character count, XML vs. JSON]
  • REST Profile of XACML JSON XML
  • XACML lets you protect in depth: SPF 5 to 50.
  • Easily implement Segregation of Duty with XACML rules & attributes. Managers can approve a transaction if and only if they did not initiate it: if and only if user.id != creator id.
  • XACML lets you inherit multiple rules and combine them into a single set. Managers can approve a transaction if and only if they did not initiate it, and if it’s between 9am and 5pm, and the amount is under the user’s lim
  • XACML enables device-aware authorization for BYOD.
  • kill the comma (the semi-colon too) Ian Glazer once claimed: “Kill IAM to save it”
  • XACML helps you build a happy relationship that lasts generations.
  • XACML & OAuth OAuth 2.0  XACML 
  • XACML & SCIM XACML & SAML
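
The segregation-of-duty and multiple-rules slides above, as an added Python sketch (not from the deck, and not XACML policy syntax): one decision function that combines the three conditions and returns the four XACML decision values. The attribute names, the sample request, and reading the truncated "lim" as an approval limit are assumptions.

```python
from datetime import time

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = (
    "Permit", "Deny", "NotApplicable", "Indeterminate")

# The three conditions from the slides. Attribute names are assumptions.
CONDITIONS = {
    "segregation-of-duty": lambda a: a["user.id"] != a["transaction.creator_id"],
    "business-hours": lambda a: time(9) <= a["env.time"] < time(17),
    "under-limit": lambda a: a["transaction.amount"] < a["user.limit"],
}

def applies(attrs):
    """Target: the policy only covers managers approving transactions."""
    return attrs.get("user.role") == "manager" and attrs.get("action.id") == "approve"

def evaluate(attrs):
    """Return (decision, names of the conditions that failed)."""
    if not applies(attrs):
        return NOT_APPLICABLE, []
    failed = []
    for name, condition in CONDITIONS.items():
        try:
            if not condition(attrs):
                failed.append(name)
        except (KeyError, TypeError):
            # Missing or mistyped attribute: do not guess, report it.
            return INDETERMINATE, [name]
    return (DENY, failed) if failed else (PERMIT, [])

def enforce(attrs):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return evaluate(attrs)[0] == PERMIT

# Constructed sample request: a manager approving someone else's transaction.
SAMPLE = {
    "user.id": "alice", "user.role": "manager", "user.limit": 10_000,
    "action.id": "approve", "env.time": time(10, 30),
    "transaction.creator_id": "bob", "transaction.amount": 2_500,
}

if __name__ == "__main__":
    variants = {"baseline": {}, "self-approval": {"transaction.creator_id": "alice"},
                "after hours": {"env.time": time(18, 0)}}
    for label, change in variants.items():
        print(label, evaluate({**SAMPLE, **change}))
```

The enforcement function treats NotApplicable and Indeterminate the same as Deny, so a request with a missing attribute fails closed instead of slipping past the segregation-of-duty check.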