Webinar:
Preparing your applications for
externalized authorization
Twitter: @axiomatics, @srijith, #XACML
Agenda
- Axiomatics in brief
- Common authorization patterns: background
- Externalizing authorization
- XACML
- APS Developer Edition: introduction and demo
- Questions and answers
Axiomatics in brief
Focus area
- Externalized authorization
- The XACML standard
Company background
- R&D since 2000
- Axiomatics founded in 2006
OASIS XACML Technical Committee
- Member since 2005
- Editorial responsibilities
Products implementing XACML 2.0 and 3.0
The largest deployments world-wide
Today's webinar: drivers
APS Developer Edition
- For non-production use
- Aimed at reducing the lead time to start using XACML
- Lets developers use XACML in their applications with little setup
- Interested? Contact sales@axiomatics.com
- More editions to follow; stay tuned
Presenter: Srijith Nair, Axiomatics Developer Relations
© 2013, Axiomatics AB
Preparing your applications for
externalized authorization
Srijith Nair
June 13, 2013
In the olden days, authorization was about: Who?
Authorization should really be about: Who? What? Where? When? How? Why?
Authorization Approaches
Access Control List (ACL)
- Resource centric
- Permissions attached to objects
- Specifies which subjects have access
Role-Based Access Control (RBAC)
- User centric
- Widely adopted
- Well understood
- An industry standard exists around it
- Simple
- But...
User -> Role(s) -> Permission(s)
[Figure: a user assigned to Role 1 and Role 2, each role mapped to a set of permissions (P)]
Problem with RBAC?
- Static, predefined, inflexible
- Does not extend beyond the user: nothing about the resource, the action or the context
- Does not scale: role explosion
- Difficult to define fine-grained access control rules
How would one implement the rule:
"Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship"
Where is the role? Doctor.
What is a patient? A record? A care relationship? None of these is a role.
Pull out the highlighter
What if we were not limited to roles?
"Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship"
Highlighted: doctor (who), view / edit (what action), records (which resource), patients assigned to their unit and care relationship (the context that ties subject and resource together)
It is all about attributes, attributes, attributes!
Attribute-based access control
Attributes
- Are sets of labels or properties
- Describe all aspects of entities that must be considered for authorization purposes
Attribute-Based Access Control (ABAC)
- Uses attributes as building blocks
- In a structured language used to define access control rules and to describe access requests
ABAC vs. RBAC

Role-Based Access Control     | Attribute-Based Access Control
------------------------------|--------------------------------------------------------------
User -> Role -> Permissions   | User + Action + Resource + Context -> Attributes -> Policies
Static and pre-defined        | Dynamic and adaptive

[Figure: the RBAC side shows a user assigned to Role 1 and Role 2, each mapped to a set of permissions (P)]
Declarative vs. Programmatic AuthZ
Declarative:
- Security roles and constraints are added to the application's deployment descriptor (e.g. in J2EE, web constraints go into web.xml, EJB constraints into ejb-jar.xml)
- Configured during the assembly stage, enforced by the security runtime
- Usually relies on roles
Programmatic:
- Enforcement of AuthZ is written in the application code
- Gives application developers more control
- The JACC interface (Java Authorization Contract for Containers) can be used to make calls to external AuthZ providers
Future-Proofing Authorization
Externalized AuthZ is an authorization service that is:
- External from the applications
- Standards-compliant
- Fine-grained, context-aware, attribute-based access control
Externalizing Authorization
Need for Externalizing AuthZ
- Consider distributed or multi-tiered applications
- Consider SOA and cloud services
- AuthZ needs to be done at several tiers and in several places
- Move similar, often-used AuthZ code into its own layer
Some progress, but:
- Different programming patterns
- Frameworks provide coarse-grained AuthZ
- Fine-grained AuthZ is still in the code
A multitude of Authorization Frameworks
- CanCan
- Microsoft Claims
- SalesForce PermissionSet
- Spring Security
- Rails AuthZ
- Python Fedora
- Flask-Auth
- Slim for PHP
What's with native authorization frameworks?
Pros
- They are the right step towards fine-grained authorization
- They are the right step towards externalizing authorization
Cons
- They are specific to their language
- They are not standards-based
- Their capabilities are at times limited
- They require subject matter expertise
- They are expensive
Enter XACML
What is XACML?
- eXtensible Access Control Markup Language
- A prominent ABAC system
- An OASIS standard
  - V 1.0 approved in 2003 (10 years ago!)
  - V 3.0 approved in January 2013
- XACML is expressed as a specification document
- Provides profiles for developers: JSON, REST
- http://www.oasis-open.org/committees/xacml/
What does XACML contain?
- Reference Architecture
- Policy Language
- Request / Response Protocol
The XACML Architecture
- Manage: Policy Administration Point (PAP)
- Decide: Policy Decision Point (PDP)
- Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
- Enforce: Policy Enforcement Point (PEP)
XACML Architecture Flow
[Figure: PAP (Manage), PDP (Decide), PIP and PRP (Support), PEP (Enforce)]
1. Alice asks the application to access Document #123.
2. The PEP stops the request and asks the PDP: "Can Alice access Document #123?"
3. The PDP loads the XACML policies (authored in the PAP, served by the PRP).
4. The PDP retrieves the user's role and clearance and the document's classification from the PIP.
5. The PDP answers: "Yes, Permit".
6. The PEP lets the access to Document #123 go through.
Language Elements of XACML
Three structural elements: PolicySet, Policy, Rule
- Root: either a PolicySet or a Policy
- PolicySets contain any number of PolicySets and Policies
- Policies contain Rules
- Rules carry an Effect: Permit or Deny
- Combining algorithms (e.g. deny-overrides, permit-overrides, first-applicable) resolve the results of the Rules within a Policy and of the Policies within a PolicySet into a single decision
Sample XACML Policy
[Figure: a root PolicySet containing two PolicySets; the first holds a Policy with two Rules (Effect=Permit and Effect=Deny), the second holds a Policy with one Rule (Effect=Permit)]
Language Structure: Russian dolls
- PolicySet, Policy and Rule can each contain: Targets, Obligations, Advice
- Rules can additionally contain Conditions
[Figure: nested PolicySet > Policy > Rule (Effect=Permit); each level carries its own Target and Obligation, and the Rule also carries a Condition]
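To make the structure above concrete, and to show how the doctor rule from the "Problem with RBAC?" slide looks once it is written in terms of attributes, here is an added example of a toy PDP. It is not from the deck and not Axiomatics or OASIS code: a Policy holds two Rules, each with a Target (does the rule apply?), a Condition (is it satisfied?) and an Effect, a rule-combining algorithm turns the per-rule results into one of Permit, Deny, NotApplicable or Indeterminate, and a PIP is consulted for the care-relationship attribute the request did not carry. The shortened attribute identifiers, the policy itself and the care-team data are assumptions made up for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

Request = Dict[str, object]        # flat {attribute-id: value}; a real request groups these by category
Getter = Callable[[str], object]   # resolves an attribute id while a rule is being evaluated
Pip = Callable[[str, Request], Optional[object]]


class MissingAttribute(Exception):
    """Neither the request nor the PIP could supply the attribute."""


@dataclass
class Rule:
    rule_id: str
    effect: str                                            # PERMIT or DENY
    target: Callable[[Getter], bool]                       # does this rule apply at all?
    condition: Optional[Callable[[Getter], bool]] = None   # extra boolean test, rules only


@dataclass
class Policy:
    policy_id: str
    rules: List[Rule]
    combining: str = "deny-overrides"                      # or "first-applicable"


def combine(results: List[Tuple[str, str]], algorithm: str) -> str:
    """Rule-combining over (decision, rule effect) pairs, following XACML 3.0;
    the Indeterminate{D}/{P}/{DP} qualifiers are collapsed into plain Indeterminate."""
    decisions = [d for d, _ in results]
    if algorithm == "first-applicable":
        return next((d for d in decisions if d != NOT_APPLICABLE), NOT_APPLICABLE)
    if algorithm == "deny-overrides":
        if DENY in decisions:
            return DENY
        if any(d == INDETERMINATE and e == DENY for d, e in results):
            return INDETERMINATE           # a Deny rule might have fired: cannot safely say Permit
        if PERMIT in decisions:
            return PERMIT
        if any(d == INDETERMINATE and e == PERMIT for d, e in results):
            return INDETERMINATE
        return NOT_APPLICABLE
    raise ValueError(f"unknown combining algorithm: {algorithm}")


class PDP:
    def __init__(self, policy: Policy, pip: Pip):
        self.policy, self.pip = policy, pip

    def _getter(self, req: Request) -> Getter:
        def get(attribute_id: str):
            if attribute_id in req:
                return req[attribute_id]
            value = self.pip(attribute_id, req)      # ask the PIP for what the PEP did not send
            if value is None:
                raise MissingAttribute(attribute_id)
            return value
        return get

    @staticmethod
    def _evaluate_rule(rule: Rule, get: Getter) -> str:
        try:
            if not rule.target(get):
                return NOT_APPLICABLE
            if rule.condition is not None and not rule.condition(get):
                return NOT_APPLICABLE
            return rule.effect
        except MissingAttribute:
            return INDETERMINATE             # the rule could not be evaluated

    def decide(self, req: Request) -> str:
        get = self._getter(req)
        results = [(self._evaluate_rule(r, get), r.effect) for r in self.policy.rules]
        return combine(results, self.policy.combining)


# The deck's doctor rule as two Permit rules (attribute ids are this example's own short names).
def doctor_on_record(get: Getter) -> bool:
    return get("subject:role") == "doctor" and get("resource:type") == "patient-record"

DOCTOR_POLICY = Policy("urn:example:policy:doctor-access", rules=[
    Rule("view-patients-in-own-unit", PERMIT,
         target=lambda get: doctor_on_record(get) and get("action:action-id") == "view",
         condition=lambda get: get("subject:unit") == get("resource:patient-unit")),
    Rule("edit-with-care-relationship", PERMIT,
         target=lambda get: doctor_on_record(get) and get("action:action-id") == "edit",
         condition=lambda get: get("subject:id") in get("resource:care-team")),
])

# Constructed PIP data: which clinicians have a care relationship with each patient.
CARE_TEAMS = {"p-1001": {"dr-alice", "dr-chen"}, "p-1002": {"dr-bob"}}

def care_team_pip(attribute_id: str, req: Request) -> Optional[object]:
    if attribute_id == "resource:care-team" and "resource:patient-id" in req:
        return CARE_TEAMS.get(req["resource:patient-id"])
    return None

HOSPITAL_PDP = PDP(DOCTOR_POLICY, care_team_pip)

def decide(doctor_id: str, unit: str, action: str, patient_id: str, patient_unit: str) -> str:
    """What a PEP would ask: may this doctor perform `action` on this patient's record?"""
    return HOSPITAL_PDP.decide({
        "subject:id": doctor_id, "subject:role": "doctor", "subject:unit": unit,
        "action:action-id": action,
        "resource:type": "patient-record", "resource:patient-id": patient_id,
        "resource:patient-unit": patient_unit,
    })
```

Note the two outcomes that are not Permit: a doctor editing a patient outside their care team gets NotApplicable (no rule matched), and an unknown patient id gets Indeterminate (the care-team attribute could not be resolved). A deny-biased PEP treats both as Deny, which is why the distinction matters more for troubleshooting than for enforcement.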
Request and Response
- It is all about attributes! (ABAC)
- Attributes are grouped into categories: Subject, Action, Resource, Environment
- Represented in XML: XACML Policies, XACML Request, XACML Response
XACML and the PEP
A PEP does four things, in this order: Stop the message (S), Analyze it and extract attributes (A), Forward the request to the PDP and receive the response (F), Enforce the decision (E).
Stop the message: the form factor (S)
What are you protecting? What architecture? What framework?
- J2EE?
  - Web application server -> Servlet filter
  - Web services -> JAX-WS handler
- Enterprise Service Bus? Apache ServiceMix -> Interceptors
- IIS? -> ISAPI filter
- XML gateway? -> Custom vendor assertion
Analyze the message: extract attributes (A)
Map from "native attributes" to XACML attributes
Two types of attributes:
- Attributes in the message
  - Message headers: SOAPAction, HTTP method, target URI...
  - Message payload: transaction amount
- Attributes in the environment / framework: time of day
Extract attributes: example
The native HTTP request, read through the HttpServletRequest object, is mapped to a XACML request: the HTTP method becomes the action-id, the requested path becomes the resource-id and the user becomes the subject-id. (The slide takes the user from the userid form field for illustration; a deployed PEP takes the subject from the authenticated principal, not from a field the client controls.)

Native HTTP request:

    POST /login.jsp HTTP/1.1
    Host: www.mysite.com
    User-Agent: Mozilla/4.0
    Content-Length: 27
    Content-Type: application/x-www-form-urlencoded

    userid=joe

Resulting XACML 3.0 request:

    <?xml version="1.0" encoding="UTF-8"?>
    <xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
        xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POST</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">login.jsp</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"/>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">joe</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
    </xacml-ctx:Request>

Keep each AttributeValue on one line: a line break inside the element becomes part of the string the PDP compares against.
Forward the access control request to the PDP (F)
How is the PDP exposed? In-process? RMI? JSON? SOAP? ...
Create a XACML request and insert it inside the right "transporter":
- In-process: build a Java XACML request object and pass it to the API method
- RMI: serialize the Java XACML request over RMI
- JSON: build the JSON payload and send it as an HTTP(S) request
- SOAP: wrap the XML XACML request inside a SOAP message and send it over HTTP
Enforce: receive the PDP decision and act (E)
- The decision is one of Permit, Deny, NotApplicable, Indeterminate
- Check the bias: a deny-biased PEP grants access only on an explicit Permit (NotApplicable and Indeterminate are treated as Deny); a permit-biased PEP refuses only on an explicit Deny
- Apply obligations and advice, for example:
  - Log the access in the central log repository
  - Send a notification email
  - Filter some data out of the response
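The Analyze, Forward and Enforce steps above, as one added example that is not from the deck and not the Axiomatics PEP SDK. Analyze maps a captured HTTP request's native attributes (method, path, authenticated user, time) onto the standard XACML attribute identifiers; Forward serializes them in the XACML 3.0 JSON profile layout and hands the body to a transport callable; Enforce is deny-biased, treats the obligations on a Permit as mandatory, and fails closed before running any handler if an obligation is unknown. The obligation identifiers, the stand-in PDP transport and the sample record are constructed for the example; a real PEP would POST the JSON to the PDP's REST endpoint.

```python
import json
from datetime import datetime, timezone
from typing import Callable, Dict

SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
CURRENT_TIME = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
XS_TIME = "http://www.w3.org/2001/XMLSchema#time"
# Obligation identifiers are this example's own; a real policy defines its own ids.
OBL_LOG = "urn:example:obligation:log-access"
OBL_REDACT = "urn:example:obligation:redact-fields"


# --- Analyze: native attributes -> XACML 3.0 JSON-profile request ------------------
def build_request(method: str, path: str, principal: str, now: datetime) -> dict:
    """subject-id is the authenticated principal (what a servlet filter reads from
    HttpServletRequest.getUserPrincipal()), never a client-supplied form field."""
    def attribute(attribute_id: str, value: str, data_type: str = XS_STRING) -> dict:
        return {"AttributeId": attribute_id, "Value": value, "DataType": data_type,
                "IncludeInResult": True}
    return {"Request": {
        "AccessSubject": {"Attribute": [attribute(SUBJECT_ID, principal)]},
        "Action": {"Attribute": [attribute(ACTION_ID, method.upper())]},
        "Resource": {"Attribute": [attribute(RESOURCE_ID, path)]},
        "Environment": {"Attribute": [attribute(
            CURRENT_TIME, now.astimezone(timezone.utc).strftime("%H:%M:%SZ"), XS_TIME)]},
    }}


# --- Forward: serialize and hand the request to whatever transport reaches the PDP ---
def forward(request: dict, transport: Callable[[str], str]) -> dict:
    """transport(body) sends the JSON to the PDP and returns the reply body."""
    return json.loads(transport(json.dumps(request)))["Response"][0]


# --- Enforce: deny-biased, obligations are mandatory ----------------------------------
Handler = Callable[[Dict[str, str], dict], None]

def log_access(assignments: Dict[str, str], ctx: dict) -> None:
    ctx.setdefault("audit", []).append(assignments.get("urn:example:message", "access granted"))

def redact_fields(assignments: Dict[str, str], ctx: dict) -> None:
    ctx.setdefault("redact", set()).update(assignments["urn:example:fields"].split(","))

HANDLERS: Dict[str, Handler] = {OBL_LOG: log_access, OBL_REDACT: redact_fields}


def enforce(result: dict, handlers: Dict[str, Handler], ctx: dict) -> bool:
    """Deny-biased: only an explicit Permit grants access; NotApplicable and
    Indeterminate count as Deny. Every obligation on a Permit must be fulfilled, so an
    unknown one makes the PEP deny before any handler has side effects. Advice is optional."""
    if result.get("Decision") != "Permit":
        return False
    planned = []
    for obligation in result.get("Obligations", []):
        handler = handlers.get(obligation["Id"])
        if handler is None:
            return False
        assignments = {a["AttributeId"]: a["Value"] for a in obligation.get("AttributeAssignment", [])}
        planned.append((handler, assignments))
    for handler, assignments in planned:
        handler(assignments, ctx)
    return True


def apply_redaction(payload: dict, ctx: dict) -> dict:
    return {k: v for k, v in payload.items() if k not in ctx.get("redact", set())}


# Constructed stand-in for the PDP: permits GET /records/42 with a log and a redact obligation.
def fake_pdp_transport(body: str) -> str:
    req = json.loads(body)["Request"]
    action = req["Action"]["Attribute"][0]["Value"]
    resource = req["Resource"]["Attribute"][0]["Value"]
    if action == "GET" and resource == "/records/42":
        return json.dumps({"Response": [{"Decision": "Permit", "Obligations": [
            {"Id": OBL_LOG, "AttributeAssignment": [
                {"AttributeId": "urn:example:message", "Value": "viewed /records/42"}]},
            {"Id": OBL_REDACT, "AttributeAssignment": [
                {"AttributeId": "urn:example:fields", "Value": "ssn,insurance_id"}]}]}]})
    return json.dumps({"Response": [{"Decision": "NotApplicable"}]})


def handle(method: str, path: str, principal: str, payload: dict,
           transport: Callable[[str], str] = fake_pdp_transport) -> dict:
    """Analyze, Forward, Enforce in one place: returns the (possibly redacted) payload
    plus the audit trail the obligations produced, or raises PermissionError."""
    ctx: dict = {}
    request = build_request(method, path, principal, datetime.now(timezone.utc))
    result = forward(request, transport)
    if not enforce(result, HANDLERS, ctx):
        raise PermissionError(f"{principal} may not {method.upper()} {path}")
    return {"body": apply_redaction(payload, ctx), "audit": ctx.get("audit", [])}
```

Handlers are resolved before any of them runs so that a Permit carrying one obligation the PEP understands and one it does not cannot leave a half-applied result (an audit line written, access then refused). The same structure works for a permit-biased PEP by changing the first test in enforce to `== "Deny"`; everything about obligations stays the same.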
APS Developer Edition
What is APS Developer Edition?
"(...) is an aggregate product that aims to simplify the process of working with Axiomatics products. It is primarily intended for developers and is designed to enable a quick and easy setup of the APS environment. The Developer Edition contains the standard releases of APS and other Axiomatics software of relevance to developers in a complete, self-contained and easy-to-install package."
For non-production use only
What it contains
- APS components: ASM, PDP, PAP
- PEP SDK for Java and ALFA packages
- Sample demo application and XACML policy
- Sample Eclipse projects for:
  - JSP demo application
  - JSP PEP
  - Java PEP
  - ALFA
  - PAP workspace
- A single Tomcat for ASM, PDP and the demo application
- Simplified initialization and management scripts
What it does not contain
APS Developer Edition does not include:
- An Eclipse distribution
- A Java distribution
- APS Developer Resources
- Anything else not mentioned on the previous slide
Quick Start Guide

Demo

Questions?
Contact us at info@axiomatics.com

 
Extending Enterprise Applications to mobile interfaces-Final
Extending Enterprise Applications to mobile interfaces-FinalExtending Enterprise Applications to mobile interfaces-Final
Extending Enterprise Applications to mobile interfaces-Final
 
AWS Lambda Powertools walkthrough.pdf
AWS Lambda Powertools walkthrough.pdfAWS Lambda Powertools walkthrough.pdf
AWS Lambda Powertools walkthrough.pdf
 
uppada_kishore_resume (1)
uppada_kishore_resume (1)uppada_kishore_resume (1)
uppada_kishore_resume (1)
 
Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)
 

Recently uploaded

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Axiomatics webinar 13 june 2013 shared

  • 11. © 2013, Axiomatics AB
    Pull out the highlighter
    What if we were not limited to roles?
    Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship
    The words you would highlight are the attributes: the subject's role (doctor) and unit, the action (view, edit), the resource type (patient record), the patient's unit, and the care relationship between the doctor and the patient.
    It is all about Attributes, Attributes, Attributes!
  • 12. Attribute-based access control
    Attributes are sets of labels or properties. They describe all aspects of entities that must be considered for authorization purposes.
    Attribute-Based Access Control (ABAC) uses attributes as building blocks in a structured language that is used both to define access control rules and to describe access requests.
  • 13. ABAC vs. RBAC
    Role-Based Access Control: User → Role → Permissions; static and pre-defined
    Attribute-Based Access Control: User + Action + Resource + Context attributes, evaluated against policies; dynamic and adaptive
  • 14. Declarative vs. Programmatic AuthZ
    Declarative: security roles and constraints are added to the application's deployment descriptor (e.g. in J2EE, web constraints go into web.xml and EJB constraints into ejb-jar.xml). Configured during the assembly stage and enforced by the security runtime. Usually relies on roles.
    Programmatic: enforcement of AuthZ is written in the code. Gives app developers more control. The JACC interface can be used to make calls to external AuthZ providers.
  • 15. Externalized AuthZ
    Future-proofing authorization: external from applications; standards-compliant authorization service; fine-grained, context-aware, attribute-based access control
  • 16. Externalizing Authorization
  • 17. Need for Externalizing AuthZ
    Consider distributed or multi-tiered apps, SOA and cloud services: AuthZ needs to be done at several tiers and places.
    Move similar, often-used AuthZ code into its own layer.
    Some progress, but: different programming patterns; frameworks providing only coarse-grained AuthZ; fine-grained AuthZ still in code.
  • 18. A multitude of Authorization Frameworks
    CanCan, Microsoft Claims, SalesForce PermissionSet, Spring Security, Rails AuthZ, Python Fedora, Flask-Auth, Slim for PHP
  • 19. What's with native authorization frameworks?
    Pros: it's the right step towards fine-grained authorization; it's the right step towards externalizing authorization.
    Cons: they are specific to their language; they are not standards-based; their capabilities are at times limited; they require subject matter expertise; they are expensive.
  • 20. Enter XACML
  • 21. What is XACML?
    eXtensible Access Control Markup Language
    The prominent ABAC system
    OASIS standard: v1.0 approved in 2003 (10 years ago!), v3.0 approved in January 2013
    XACML is expressed as a specification document
    Provides profiles for developers: JSON, REST
    http://www.oasis-open.org/committees/xacml/
  • 22. What does XACML contain?
    XACML reference architecture; policy language; request/response protocol
  • 23. The XACML Architecture
    Manage: Policy Administration Point (PAP)
    Decide: Policy Decision Point (PDP)
    Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
    Enforce: Policy Enforcement Point (PEP)
  • 24. XACML Architecture Flow
    1. Alice's application issues "Access Document #123"; the PEP intercepts it.
    2. The PEP asks the PDP: "Can Alice access Document #123?"
    3. The PDP loads the XACML policies from the PAP / PRP.
    4. The PDP retrieves Alice's user role and clearance and the document's classification from the PIP.
    5. The PDP answers "Yes, Permit" and the PEP lets "Access Document #123" through.
  • 25. What does XACML contain? Policy Language
  • 26. Language Elements of XACML
    3 structural elements: PolicySet, Policy, Rule
    Root: either a PolicySet or a Policy
    PolicySets contain any number of PolicySets and Policies
    Policies contain Rules
    Rules carry an Effect: Permit / Deny
    Combining Algorithms resolve the results of Rules (within a Policy) and of Policies (within a PolicySet)
  • 27. Sample XACML Policy
    Root PolicySet
      PolicySet
        Policy
          Rule (Effect = Permit)
          Rule (Effect = Deny)
      PolicySet
        Policy
          Rule (Effect = Permit)
  • 28. Language Structure: Russian dolls
    PolicySet, Policy and Rule can each contain Targets, Obligations and Advice
    Rules can additionally contain Conditions
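To make the doctor rule from slides 11 to 13 and the PolicySet / Policy / Rule nesting with targets, conditions and combining algorithms from slides 26 to 28 concrete, here is an added Python example. It is not Axiomatics code and not a XACML implementation: attribute names such as role, unit, patients-in-care, patient-id and patient-unit are assumed for the example, the combining algorithms are simplified (XACML 3.0's extended Indeterminate variants are not modelled), and the requests it evaluates are constructed.

```python
"""Miniature XACML-style policy evaluator: PolicySet/Policy > Rule nesting with
Targets, Conditions and combining algorithms, used to express the webinar's
doctor rule as attributes. Added example; not Axiomatics or OASIS code.
Attribute names (role, unit, patients-in-care, patient-unit, ...) are made up."""
from dataclasses import dataclass
from typing import Callable, Optional

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"
SUBJECT, ACTION, RESOURCE = "access-subject", "action", "resource"   # attribute categories


def attr(request, category, attribute_id):
    """Look up one attribute. A missing attribute raises KeyError, which the
    evaluator turns into Indeterminate (the XACML outcome for missing data)."""
    return request[category][attribute_id]


# Combining algorithms (simplified: no Indeterminate{D}/{P}/{DP} variants)
def deny_overrides(decisions):
    if DENY in decisions:
        return DENY
    if INDETERMINATE in decisions:
        return INDETERMINATE
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE


def first_applicable(decisions):
    for decision in decisions:
        if decision != NOT_APPLICABLE:
            return decision
    return NOT_APPLICABLE


@dataclass
class Rule:
    rule_id: str
    effect: str                                  # PERMIT or DENY
    target: Optional[Callable] = None            # coarse applicability test
    condition: Optional[Callable] = None         # fine-grained boolean expression

    def evaluate(self, request):
        try:
            if self.target and not self.target(request):
                return NOT_APPLICABLE
            if self.condition and not self.condition(request):
                return NOT_APPLICABLE
        except KeyError:
            return INDETERMINATE
        return self.effect


@dataclass
class Policy:
    """Policy (children are Rules) or PolicySet (children are Policies/PolicySets):
    the nesting is the same Russian doll, only the combining algorithm and target differ."""
    policy_id: str
    children: list
    combine: Callable = deny_overrides
    target: Optional[Callable] = None

    def evaluate(self, request):
        try:
            if self.target and not self.target(request):
                return NOT_APPLICABLE
        except KeyError:
            return INDETERMINATE
        return self.combine([child.evaluate(request) for child in self.children])


# "Doctors should be able to view the records of patients assigned to their unit
#  and edit the records of those patients with whom they have a care relationship"
view_in_own_unit = Rule(
    "view-own-unit", PERMIT,
    target=lambda r: attr(r, ACTION, "action-id") == "view",
    condition=lambda r: attr(r, RESOURCE, "patient-unit") == attr(r, SUBJECT, "unit"))
edit_with_care_relationship = Rule(
    "edit-care-relationship", PERMIT,
    target=lambda r: attr(r, ACTION, "action-id") == "edit",
    condition=lambda r: attr(r, RESOURCE, "patient-id") in attr(r, SUBJECT, "patients-in-care"))
doctor_policy = Policy(
    "doctor-record-access", [view_in_own_unit, edit_with_care_relationship],
    combine=deny_overrides,
    target=lambda r: attr(r, SUBJECT, "role") == "doctor"
    and attr(r, RESOURCE, "resource-type") == "medical-record")
default_deny = Policy("default-deny", [Rule("deny-everything", DENY)])
# Root PolicySet: first-applicable, so the catch-all deny only fires when nothing else applied
ROOT = Policy("root", [doctor_policy, default_deny], combine=first_applicable)


def decide(subject, action, resource):
    """Evaluate one request (subject/action/resource attribute dicts) against ROOT."""
    request = {SUBJECT: subject, ACTION: {"action-id": action}, RESOURCE: resource}
    return ROOT.evaluate(request)


if __name__ == "__main__":
    alice = {"role": "doctor", "unit": "cardiology", "patients-in-care": {"p-17"}}
    record = {"resource-type": "medical-record", "patient-id": "p-42", "patient-unit": "cardiology"}
    print(decide(alice, "view", record), decide(alice, "edit", record))   # Permit Deny
```

Two things worth noticing: a request that lacks an attribute a condition needs (a doctor whose unit is unknown) evaluates to Indeterminate rather than NotApplicable, and the PEP must treat that as a refusal; and a doctor editing a same-unit patient without a care relationship is denied only because the root PolicySet ends in an explicit default-deny policy, without which the answer would be NotApplicable.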
  • 29. What does XACML contain? Request / Response Protocol
  • 30. Request and Response
    It's all about Attributes! (ABAC)
    Subject, Action, Resource and Environment attributes appear both in the XACML policies and in the XACML request
    Represented in XML: XACML Policies, XACML Request, XACML Response
  • 31. XACML and PEP
    Req/Resp handling in the PEP, in four steps: Stop (S), Analyze (A), Forward (F), Enforce (E)
  • 32. Stop the message: the form factor (S)
    What are you protecting? What architecture? What framework?
    J2EE? Web app server → servlet filter; web services → JAX-WS
    Enterprise Service Bus? Apache ServiceMix → interceptors
    IIS? → ISAPI filter
    XML gateway? → custom vendor assertion
  • 33. Analyze the message: extract attributes (A)
    Map from 'native attributes' to XACML attributes
    Two types of attributes:
      Attributes in the message: message headers (SOAPAction, HTTP method, target URI, ...) and message payload (e.g. transaction amount)
      Attributes in the environment / framework (e.g. time of day)
  • 34. Extract Attributes - Example (via the HttpServletRequest object)
    Incoming HTTP request:

      POST /login.jsp HTTP/1.1
      Host: www.mysite.com
      User-Agent: Mozilla/4.0
      Content-Length: 27
      Content-Type: application/x-www-form-urlencoded

      userid=joe

    Resulting XACML 3.0 request (HTTP method → action-id, target → resource-id, userid → subject-id; keep the attribute values free of surrounding whitespace, since "POST " will not match a policy that tests for "POST"):

      <?xml version="1.0" encoding="UTF-8"?>
      <xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
          xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
        <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
          <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
            <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POST</xacml-ctx:AttributeValue>
          </xacml-ctx:Attribute>
        </xacml-ctx:Attributes>
        <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
          <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
            <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">login.jsp</xacml-ctx:AttributeValue>
          </xacml-ctx:Attribute>
        </xacml-ctx:Attributes>
        <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
        </xacml-ctx:Attributes>
        <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
          <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
            <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">joe</xacml-ctx:AttributeValue>
          </xacml-ctx:Attribute>
        </xacml-ctx:Attributes>
      </xacml-ctx:Request>
  • 35. Forward access control request to the PDP (F)
    How is the PDP exposed? In-process? RMI? JSON? SOAP? ...
    Create a XACML request and insert it inside the right "transporter":
      Java XACML request object passed to the API method
      Java XACML request object serialized over RMI
      JSON payload sent as an HTTP(S) request
      XML XACML request inside a SOAP message sent as an HTTP request
      ...
  • 36. Enforce: receive the PDP decision and act (E)
    The decision is one of Permit / Deny / NotApplicable / Indeterminate
    Check the bias: a deny-biased PEP grants access only on Permit, and only if it can discharge every obligation attached to that Permit; Deny, NotApplicable and Indeterminate all result in the access being refused
    Apply obligations and advice, e.g. log the access in the central log repository, send a notification email, filter some data out of the response
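The Analyze, Forward and Enforce steps above, as an added Python example rather than the Axiomatics PEP SDK: it builds a XACML 3.0 request of the shape shown on slide 34 from a constructed HTTP request, hands it to a pluggable PDP transport, parses the XACML response and applies deny-biased enforcement including obligation handling. The obligation ids (urn:example:...), the sample HTTP message and the sample PDP responses are all constructed for this example.

```python
"""PEP side of the Analyze / Forward / Enforce steps: map an HTTP request to a
XACML 3.0 Request, hand it to whatever transport reaches the PDP, parse the
XACML Response and enforce it as a deny-biased PEP. Added example; it is not
the Axiomatics PEP SDK. Obligation ids and sample messages are constructed."""
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
CATEGORY = {
    "subject": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
    "action": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
    "resource": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
    "environment": "urn:oasis:names:tc:xacml:3.0:attribute-category:environment",
}
ATTRIBUTE_ID = {
    "subject": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
    "action": "urn:oasis:names:tc:xacml:1.0:action:action-id",
    "resource": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
}
# Obligations this PEP knows how to discharge (illustrative ids, not standard ones)
FULFILLABLE_OBLIGATIONS = {"urn:example:obligation:audit-log"}


def q(name):
    """Clark-notation qualified name for an element in the XACML namespace."""
    return f"{{{XACML}}}{name}"


def parse_request_line(raw_http):
    """Pull the HTTP method and target URI out of a raw HTTP request."""
    method, target, _version = raw_http.split("\r\n", 1)[0].split(" ")
    return method, target


# Analyze: native attributes -> XACML attributes
def build_request(method, target, user_id):
    ET.register_namespace("xacml-ctx", XACML)
    request = ET.Element(q("Request"), {"ReturnPolicyIdList": "false", "CombinedDecision": "false"})
    for category, value in (("action", method), ("resource", target), ("subject", user_id)):
        attrs = ET.SubElement(request, q("Attributes"), {"Category": CATEGORY[category]})
        attribute = ET.SubElement(attrs, q("Attribute"),
                                  {"AttributeId": ATTRIBUTE_ID[category], "IncludeInResult": "true"})
        # strip(): a stray space ("POST ") would silently fail to match the policy
        ET.SubElement(attribute, q("AttributeValue"), {"DataType": XS_STRING}).text = value.strip()
    ET.SubElement(request, q("Attributes"), {"Category": CATEGORY["environment"]})
    return ET.tostring(request, encoding="unicode")


# Enforce, part 1: read the decision and any obligations out of the Response
def parse_response(xml_text):
    result = ET.fromstring(xml_text).find(q("Result"))
    decision = result.findtext(q("Decision"))
    obligations = [o.get("ObligationId") for o in result.iter(q("Obligation"))]
    return decision, obligations


# Enforce, part 2: deny-biased PEP as XACML 3.0 defines it
def enforce(decision, obligations, can_fulfil=lambda oid: oid in FULFILLABLE_OBLIGATIONS):
    """Grant only on Permit with every obligation fulfillable. Deny, NotApplicable,
    Indeterminate and an obligation the PEP does not understand all fail closed."""
    return decision == "Permit" and all(can_fulfil(oid) for oid in obligations)


def authorize(raw_http, user_id, pdp):
    """Analyze -> Forward -> Enforce. `pdp` is the transport to the PDP (in-process
    call, REST/JSON, SOAP, ...): it takes request XML and returns response XML.
    Take user_id from the authenticated principal whenever one exists; a field in
    the request body is only acceptable for the login request itself."""
    method, target = parse_request_line(raw_http)
    decision, obligations = parse_response(pdp(build_request(method, target, user_id)))
    return enforce(decision, obligations)


# Constructed sample messages standing in for a real client and a real PDP
SAMPLE_HTTP = ("POST /login.jsp HTTP/1.1\r\nHost: www.mysite.com\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 10\r\n\r\nuserid=joe")


def sample_response(decision, obligation_id=None, status="ok"):
    obligations = (f'<Obligations><Obligation ObligationId="{obligation_id}"/></Obligations>'
                   if obligation_id else "")
    return (f'<Response xmlns="{XACML}"><Result><Decision>{decision}</Decision>'
            f'<Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:{status}"/></Status>'
            f'{obligations}</Result></Response>')


PERMIT_WITH_AUDIT = sample_response("Permit", "urn:example:obligation:audit-log")
PERMIT_WITH_UNKNOWN_OBLIGATION = sample_response("Permit", "urn:example:obligation:redact-ssn")
INDETERMINATE_RESPONSE = sample_response("Indeterminate", status="processing-error")

if __name__ == "__main__":
    for name, reply in (("audit", PERMIT_WITH_AUDIT), ("unknown", PERMIT_WITH_UNKNOWN_OBLIGATION),
                        ("indeterminate", INDETERMINATE_RESPONSE)):
        print(name, authorize(SAMPLE_HTTP, "joe", lambda _req, r=reply: r))   # True False False
```

The PDP transport is a plain callable so the same PEP code works whether the PDP is in-process or behind REST or SOAP; swapping the XML serialisation for the XACML JSON profile only changes build_request and parse_response. The security-relevant behaviour sits in enforce: a Permit that carries an obligation the PEP cannot discharge is refused, exactly as a Deny would be.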
  • 37. APS Developer Edition
  • 38. What is APS Developer Edition?
    "(…) is an aggregate product that aims to simplify the process of working with Axiomatics products. It is primarily intended for developers and is designed to enable a quick and easy setup of the APS environment. The Developer Edition contains the standard releases of APS and other Axiomatics software of relevance to developers in a complete, self-contained and easy-to-install package."
    For non-production use only
  • 39. What it contains
    APS components: ASM, PDP, PAP
    PEP SDK for Java and ALFA packages
    Sample demo application and XACML policy
    Sample Eclipse projects: JSP demo application, JSP PEP, Java PEP, ALFA PAP workspace
    A single Tomcat hosting ASM, PDP and the demo application
    Simplified initialization and management scripts
  • 40. What it does not contain
    APS Developer Edition does not include: an Eclipse distribution, a Java distribution, APS Developer Resources, or anything else not mentioned on the previous slide
  • 41. Quick Start Guide
  • 42. Demo
  • 43. Questions? Contact us at info@axiomatics.com