XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity protocols fight for your love"

In this panel hosted by Ian Glazer, my colleague Gerry Gebel introduces the audience to XACML and its latest developments including REST, JSON, and more developer-friendly initiatives.

Published in: Technology, Business

  1. Is XACML a Classic? Gerry Gebel @ggebel
  2. XACML 3.0 is approved. 10 vendors, 5 end-user orgs, open source options. Who’s the XACML Technical Committee?
  3. RSA 2013 Interop. When will Catalyst host the next interop?
  4. XACML is a Standardized Authorization language
  5. XACML enables Centralized Authorization
  6. XACML implements Attribute based Access Control. Check out the NIST Special Publication 800-162 on ABAC
  7. XACML is a Policy based Access Control language
  8. The XACML language & architecture is eXtensible
  9. XACML allows for Fine grained Authorization scenarios
  10. Does this XML make me look fat? <xml/>
  11. XACML JSON Profile: 84% smaller (bar chart: character count, XML vs. JSON)
  12. REST Profile of XACML: JSON, XML
  13. XACML lets you Protect In-depth: SPF 5 to 50
  14. Implement Segregation Of Duty easily with XACML rules & attributes: Managers can approve a transaction if and only if they did not initiate it (if and only if user.id != creator id)
  15. XACML lets you Inherit Multiple Rules and combine them into a single set: Managers can approve a transaction if and only if they did not initiate it, and if it’s between 9am and 5pm, and the amount is under the user’s lim
  16. XACML enables Device-aware authorization for BYOD
  17. kill the comma (the semi-colon too). Ian Glazer once claimed: “Kill IAM to save it”
  18. XACML helps you build a happy relationship that lasts generations
  19. XACML & OAuth: OAuth 2.0, XACML
  20. XACML & SCIM, XACML & SAML
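
The segregation-of-duty rule from slide 14, combined with the additional conditions from slide 15, sketched as an added example (not taken from the deck or from any XACML product). The request follows the category/Attribute layout of the XACML JSON Profile; the attribute ids, the `manager` role value and the `user.approvalLimit` attribute are assumptions made for this sketch, and the all-rules-must-hold evaluation is a simplification rather than a XACML combining algorithm.

```python
from datetime import time

# Constructed request builder in the category -> Attribute list shape of the
# XACML JSON Profile. All attribute ids below are hypothetical.
def make_request(user_id, role, creator_id, amount, limit, now):
    return {"Request": {
        "AccessSubject": {"Attribute": [
            {"AttributeId": "user.id", "Value": user_id},
            {"AttributeId": "user.role", "Value": role},
            {"AttributeId": "user.approvalLimit", "Value": limit}]},
        "Action": {"Attribute": [{"AttributeId": "action.id", "Value": "approve"}]},
        "Resource": {"Attribute": [
            {"AttributeId": "transaction.creatorId", "Value": creator_id},
            {"AttributeId": "transaction.amount", "Value": amount}]},
        "Environment": {"Attribute": [{"AttributeId": "currentTime", "Value": now}]}}}

def attr(request, category, attribute_id):
    """Return an attribute value, or raise KeyError if the caller did not send it."""
    for a in request["Request"].get(category, {}).get("Attribute", []):
        if a["AttributeId"] == attribute_id:
            return a["Value"]
    raise KeyError(attribute_id)

# One callable per rule; each returns True when its condition holds.
RULES = [
    # Only managers may approve.
    lambda r: attr(r, "AccessSubject", "user.role") == "manager",
    # Segregation of duty: the approver must not be the initiator.
    lambda r: attr(r, "AccessSubject", "user.id") != attr(r, "Resource", "transaction.creatorId"),
    # Time window: 9am (inclusive) to 5pm (exclusive).
    lambda r: time(9) <= time.fromisoformat(attr(r, "Environment", "currentTime")) < time(17),
    # Amount must be under the approver's limit (assumed attribute).
    lambda r: attr(r, "Resource", "transaction.amount") < attr(r, "AccessSubject", "user.approvalLimit"),
]

def decide(request):
    """Permit only if every rule holds. A missing attribute yields
    Indeterminate, which the enforcement point should treat as a denial."""
    try:
        return "Permit" if all(rule(request) for rule in RULES) else "Deny"
    except KeyError:
        return "Indeterminate"
```

Rules are evaluated in order and stop at the first failure, so a request that already fails an earlier rule returns Deny even if a later attribute is missing.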
