Archive for the ‘XACML’ category
June 29, 2011
This is Felix Gaehtgens and I am one of the latest additions to the Axiomatics team. My colleagues Gerry Gebel and David Brossard were so nice to offer me a space on their blogs. As a former industry analyst, I’m going to start here, and post my future more technical musings on David’s blog. Speaking [...]
Categories: Architecture, Standards, Uncategorized, XACML
Tags: Axiomatics, XACML
Comments: Be the first to comment
April 6, 2011
Here is the third installment in a series of conversations I have had with James McGovern, enterprise architect extraordinaire. In this post, we expand the scope from insurance scenarios to include some broader enterprise contexts for externalized authorization. JM: Over the last couple of years, I have had lots of fascinating conversations with Architects in [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
March 18, 2011
Here is part 3 of a conversation with Gunnar Peterson where we continue talking about externalized authorization, who in the organization is involved in an XACML system deployment – and it even includes a discussion of TOCTOU concerns as it relates to a XACML system. Thanks also to my colleagues, David Brossard and Pablo Giambiagi, for [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
March 2, 2011
The conversation with James McGovern continues… here is the next installment in a series of posts on the applicability of XACML-based authorization for the insurance industry: JM: We had a great discussion covering basic entitlement scenarios and how they can be applied to the insurance vertical. Are you ready for some scenarios that are more [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
February 16, 2011
In my past role of Industry Analyst at Burton Group, I used to have frequent conversations with James McGovern who at the time was in the role of Chief Security Architect for The Hartford and is now a Director with Virtusa where he focuses on Enterprise Architecture and Information Security. Recently, we had a dialog [...]
Categories: Authorization, Standards, XACML
Comments: Be the first to comment
December 15, 2010
Gunnar Peterson and I had a discussion about why authorization should start to receive more attention in the infosec industry. He feels that most infosec pros are over emphasizing authentication and it’s time to look more toward authorization. Since I now work for Axiomatics, I couldn’t agree more . Here is a transcript of the conversation: [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
October 6, 2010
Travis Spencer (@travisspencer) raised a few issues with XACML and proposed some solutions in a recent blog post. I’d like to take this opportunity to respond in the interest of continuing the conversation. Thanks to my colleagues, Erik, David (@davidjbrossard), and Ludwig for their input. Point 1 – Lack of wire protocol definitions: The industry [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
August 4, 2010
One of the points I made during my vendor lightning round session at Burton Catalyst last week was that the industry should be looking ahead to an XACML 3.0 interop in 2011, perhaps at the next Catalyst conference. Catalyst was the site of the first ever XACML interop demonstration back in 2007 and would be [...]
Categories: Standards, XACML
Comments: Be the first to comment
July 14, 2010
In a previous post discussing XACML performance myth-busting, I described several areas in an XACML authorization system where performance issues can be addressed. Since then, my colleague David Brossard created the diagram below to illustrate potential performance bottlenecks. To refresh your memory, here is the issue for each numbered item in the diagram (see the [...]
Categories: Authorization, Performance, XACML
Comments: Be the first to comment
April 30, 2010
It’s a common misconception that XACML authorization systems perform poorly by default because they are XML-based. While it is true that XML systems can be slow, XACML product vendors have many techniques at their disposal to address performance concerns. Keep in mind, however, that every application and every deployment has its own performance considerations and [...]
Categories: Performance, XACML
Comments: 4 Comments
