Archive for the ‘Standards’ category
June 29, 2011
This is Felix Gaehtgens and I am one of the latest additions to the Axiomatics team. My colleagues Gerry Gebel and David Brossard were so nice to offer me a space on their blogs. As a former industry analyst, I’m going to start here, and post my future more technical musings on David’s blog. Speaking [...]
Categories: Architecture, Standards, Uncategorized, XACML
Tags: Axiomatics, XACML
Comments: Be the first to comment
April 6, 2011
Here is the third installment in a series of conversations I have had with James McGovern, enterprise architect extraordinaire. In this post, we expand the scope from insurance scenarios to include some broader enterprise contexts for externalized authorization. JM: Over the last couple of years, I have had lots of fascinating conversations with Architects in [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
March 18, 2011
Here is part 3 of a conversation with Gunnar Peterson where we continue talking about externalized authorization, who in the organization is involved in an XACML system deployment – and it even includes a discussion of TOCTOU concerns as it relates to a XACML system. Thanks also to my colleagues, David Brossard and Pablo Giambiagi, for [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
March 2, 2011
The conversation with James McGovern continues… here is the next installment in a series of posts on the applicability of XACML-based authorization for the insurance industry: JM: We had a great discussion covering basic entitlement scenarios and how they can be applied to the insurance vertical. Are you ready for some scenarios that are more [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
February 16, 2011
In my past role of Industry Analyst at Burton Group, I used to have frequent conversations with James McGovern who at the time was in the role of Chief Security Architect for The Hartford and is now a Director with Virtusa where he focuses on Enterprise Architecture and Information Security. Recently, we had a dialog [...]
Categories: Authorization, Standards, XACML
Comments: Be the first to comment
December 15, 2010
Gunnar Peterson and I had a discussion about why authorization should start to receive more attention in the infosec industry. He feels that most infosec pros are over emphasizing authentication and it’s time to look more toward authorization. Since I now work for Axiomatics, I couldn’t agree more . Here is a transcript of the conversation: [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
October 6, 2010
Travis Spencer (@travisspencer) raised a few issues with XACML and proposed some solutions in a recent blog post. I’d like to take this opportunity to respond in the interest of continuing the conversation. Thanks to my colleagues, Erik, David (@davidjbrossard), and Ludwig for their input. Point 1 – Lack of wire protocol definitions: The industry [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
August 4, 2010
One of the points I made during my vendor lightning round session at Burton Catalyst last week was that the industry should be looking ahead to an XACML 3.0 interop in 2011, perhaps at the next Catalyst conference. Catalyst was the site of the first ever XACML interop demonstration back in 2007 and would be [...]
Categories: Standards, XACML
Comments: Be the first to comment
July 9, 2010
The Concordia Discussion Group is planning another workshop at Burton Catalyst North America, continuing a trend of providing timely and informative events. I have had the pleasure of participating in the past and will provide an update on what is new in XACML 3.0 this time around. XACML 3.0 is nearing ever closer to formal [...]
Categories: Authorization, Standards, Workshop
Comments: Be the first to comment
May 6, 2010
Andre Durand’s keynote yesterday at the EIC conference contained many quotable quotes, but the one that stood out for me was, “Enterprises must stand up for standards.” Andre said this while describing the role pure play vendors have in the greater IT community – keeping the large vendors honest regarding their commitment to standards. IdM [...]
Categories: Standards
Comments: Be the first to comment
