
Authorization best practices


http://anil-identity.blogspot.com/2013/05/access-control-best-practices.html
has the best practices for access control/authorization.

Published in: Technology, Business

  1. Authorization/Access Control Best Practices. Anil Saldhana, anil@apache.org
  2. “Authentication is FINITE whereas Authorization is INFINITE”. - Anil Saldhana
  3. Best Practice 1: Know that you will need access control/authorization
  4. Best Practice 2: Externalize the access control policy processing
  5. Best Practice 3: Understand the difference between Coarse Grained and Fine Grained Authorization
  6. Best Practice 4: Design for coarse grained authorization but keep the design flexible for fine grained authorization
  7. Best Practice 5: Know the difference between Access Control Lists (ACL) and Access Control Standards
     – ACLs are proprietary
     – Standards include OASIS XACML and IETF OAuth2
  8. Best Practice 6: Adopt Rule Based Access Control: view access control as Rules and Attributes
  9. Best Practice 7: Adopt REST Style architecture when your situation demands scale and hence adopt REST Authorization Standards
  10. Best Practice 8: Understand the difference between Enforcement vs Entitlements model
  11. Greater Depth: Visit http://anil-identity.blogspot.com/2013/05/access-control-best-practices.html
