Authorization/Access Control Best Practices. Anil Saldhana, anil@apache.org
“Authentication is FINITE whereas Authorization is INFINITE”. - Anil Saldhana
Best Practice 1 • Know that you will need access control/authorization
Best Practice 2 • Externalize the access control policy processing
Best Practice 3 • Understand the difference between Coarse Grained Authorization (decisions at the level of roles, applications or URLs) and Fine Grained Authorization (decisions about a specific resource, using attributes of the subject and the resource)
Best Practice 4 • Design for coarse grained authorization but keep the design flexible for fine grained authorization
Best Practice 5 • Know the difference between Access Control Lists (ACL) and Access Control Standards – ACL formats are proprietary to the product that stores them – Standards include OASIS XACML and IETF OAuth2
Best Practice 6 • Adopt Rule Based Access Control: view access control as Rules and Attributes
Best Practice 7 • Adopt REST Style architecture when your situation demands scale, and hence adopt REST Authorization Standards
Best Practice 8 • Understand the difference between the Enforcement model (the application asks the access control system for a permit/deny decision on each request and enforces it) and the Entitlements model (the application asks which actions a subject is entitled to perform, for example to decide what to show)
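The following Python example is added here and is not code from Anil Saldhana's deck. It puts Best Practices 2, 3/4, 6 and 8 together: the policy is data loaded by a policy decision point rather than checks written into the application (externalized), each rule is a set of conditions over subject, resource and action attributes (rules and attributes), one rule is coarse grained (a role decides) and one fine grained (attributes of the caller and of the specific resource decide), and the same decision point serves both the enforcement model (one permit/deny answer per request) and the entitlements model (the set of actions a subject may perform). The rule format, the operator names, and the sample subjects and records are constructed for illustration; this is a deliberately small engine, not XACML.

```python
"""Rule and attribute based access control with the policy externalized as data.
Added example (not from the original deck); rule format, operators and sample
data are constructed for illustration and are not XACML."""
from __future__ import annotations

import json
from typing import Any

# Policy as data: what the application would load from a file or a policy
# server instead of scattering role checks through its code. Rules are
# evaluated in order; the first rule whose conditions all hold decides, and a
# request that matches no rule is denied.
#   admin-any  : coarse grained, a role alone decides.
#   sealed-deny: an explicit deny that must come before the permits below.
#   owner-rw   : fine grained, compares a subject attribute to a resource attribute.
#   dept-read  : fine grained, department match plus action check.
POLICY_JSON = """
{
  "rules": [
    {"name": "admin-any", "effect": "PERMIT",
     "when": [{"attr": "subject.roles", "op": "has", "value": "admin"}]},
    {"name": "sealed-deny", "effect": "DENY",
     "when": [{"attr": "resource.sealed", "op": "eq", "value": true}]},
    {"name": "owner-rw", "effect": "PERMIT",
     "when": [{"attr": "subject.id", "op": "eq_attr", "value": "resource.owner"},
              {"attr": "action", "op": "in", "value": ["read", "write"]}]},
    {"name": "dept-read", "effect": "PERMIT",
     "when": [{"attr": "subject.dept", "op": "eq_attr", "value": "resource.dept"},
              {"attr": "action", "op": "eq", "value": "read"}]}
  ]
}
"""


def lookup(ctx: dict, path: str) -> Any:
    """Resolve a dotted attribute path such as 'subject.dept' against the request context."""
    cur: Any = ctx
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None  # a missing attribute never satisfies a condition
        cur = cur[part]
    return cur


def condition_holds(ctx: dict, cond: dict) -> bool:
    """Evaluate one condition; unknown operators raise so the policy fails closed."""
    actual = lookup(ctx, cond["attr"])
    op, value = cond["op"], cond["value"]
    if actual is None:
        return False
    if op == "eq":
        return actual == value
    if op == "eq_attr":  # compare two attributes of the request with each other
        other = lookup(ctx, value)
        return other is not None and actual == other
    if op == "in":
        return actual in value
    if op == "has":  # membership in a multi-valued attribute; a plain string is
        return isinstance(actual, (list, set, tuple)) and value in actual  # rejected so "admin" does not match "administrator"
    raise ValueError(f"unknown operator {op!r}")


class PolicyDecisionPoint:
    """Holds the externalized policy and answers questions about it."""

    def __init__(self, policy_doc: dict):
        self.rules = policy_doc["rules"]

    def decide(self, subject: dict, resource: dict, action: str) -> tuple[str, str]:
        ctx = {"subject": subject, "resource": resource, "action": action}
        for rule in self.rules:
            if all(condition_holds(ctx, c) for c in rule["when"]):
                return rule["effect"], rule["name"]
        return "DENY", "default-deny"

    # Enforcement model: the enforcement point in the application asks one
    # yes/no question per access and acts on the answer.
    def is_permitted(self, subject: dict, resource: dict, action: str) -> bool:
        return self.decide(subject, resource, action)[0] == "PERMIT"

    # Entitlements model: the application asks which of a set of actions the
    # subject may perform on the resource, e.g. to render only usable controls.
    def entitlements(self, subject: dict, resource: dict, actions: list) -> set:
        return {a for a in actions if self.is_permitted(subject, resource, a)}


# Constructed sample attributes (not real data).
ALICE = {"id": "alice", "roles": ["doctor"], "dept": "cardiology"}
BOB = {"id": "bob", "roles": ["patient"], "dept": "none"}
ROOT = {"id": "root", "roles": ["admin"], "dept": "it"}
BOB_RECORD = {"type": "record", "owner": "bob", "dept": "cardiology", "sealed": False}
SEALED_RECORD = {"type": "record", "owner": "bob", "dept": "cardiology", "sealed": True}
PDP = PolicyDecisionPoint(json.loads(POLICY_JSON))

if __name__ == "__main__":
    print("alice read  bob's record :", PDP.decide(ALICE, BOB_RECORD, "read"))
    print("alice write bob's record :", PDP.decide(ALICE, BOB_RECORD, "write"))
    print("bob   read  sealed record:", PDP.decide(BOB, SEALED_RECORD, "read"))
    print("bob entitlements on own record:",
          sorted(PDP.entitlements(BOB, BOB_RECORD, ["read", "write", "delete"])))
```

Two design points are worth noticing. Rule order carries meaning: the explicit "sealed-deny" sits before the owner and department permits, so even the record's owner is refused on a sealed record, while the coarse grained "admin-any" above it still wins; reordering those rules changes the outcome without touching application code, which is exactly what externalizing the policy buys and also why the policy file needs the same review and change control as code. Second, the evaluator fails closed: a missing attribute, a multi-valued attribute that arrives as a plain string, or an operator the engine does not know all end in a deny rather than a permit.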
Greater Depth • Visit http://anil-identity.blogspot.com/2013/05/access-control-best-practices.html
Published on SlideShare. Deck description: http://anil-identity.blogspot.com/2013/05/access-control-best-practices.html has the best practices for access control/authorization.