Archive for the ‘XACML’ category
May 25, 2012
Microsoft has introduced a significant feature enhancement to Windows Server 2012, Dynamic Access Control (DAC). This is big upgrade from the access control lists (ACLs) used in previous generations of Windows Server, giving enterprises a richer and more flexible authorization model at their disposal. The new functionality gives enterprises tools to more effectively control access [...]
Categories: Authorization, Conferences, Uncategorized, Windows Server 2012, XACML
Comments: Be the first to comment
April 5, 2012
Last year, James McGovern who previously was in the role of Chief Security Architect for The Hartford and now is the lead Enterprise Architect for HP focused on insurance and I held several discussions (Part 1, Part 2, Part 3) on using entitlements management within the insurance vertical. Now that we are in a new [...]
Categories: Architecture, Authorization, Development, Standards, XACML
Comments: 1 Comment
June 29, 2011
This is Felix Gaehtgens and I am one of the latest additions to the Axiomatics team. My colleagues Gerry Gebel and David Brossard were so nice to offer me a space on their blogs. As a former industry analyst, I’m going to start here, and post my future more technical musings on David’s blog. Speaking [...]
Categories: Architecture, Standards, Uncategorized, XACML
Tags: Axiomatics, XACML
Comments: Be the first to comment
April 6, 2011
Here is the third installment in a series of conversations I have had with James McGovern, enterprise architect extraordinaire. In this post, we expand the scope from insurance scenarios to include some broader enterprise contexts for externalized authorization. JM: Over the last couple of years, I have had lots of fascinating conversations with Architects in [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: 2 Comments
March 18, 2011
Here is part 3 of a conversation with Gunnar Peterson where we continue talking about externalized authorization, who in the organization is involved in an XACML system deployment – and it even includes a discussion of TOCTOU concerns as it relates to a XACML system. Thanks also to my colleagues, David Brossard and Pablo Giambiagi, for [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: Be the first to comment
March 2, 2011
The conversation with James McGovern continues… here is the next installment in a series of posts on the applicability of XACML-based authorization for the insurance industry: JM: We had a great discussion covering basic entitlement scenarios and how they can be applied to the insurance vertical. Are you ready for some scenarios that are more [...]
Categories: Architecture, Authorization, Standards, XACML
Comments: 2 Comments
February 16, 2011
In my past role of Industry Analyst at Burton Group, I used to have frequent conversations with James McGovern who at the time was in the role of Chief Security Architect for The Hartford and is now a Director with Virtusa where he focuses on Enterprise Architecture and Information Security. Recently, we had a dialog [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
December 15, 2010
Gunnar Peterson and I had a discussion about why authorization should start to receive more attention in the infosec industry. He feels that most infosec pros are over emphasizing authentication and it’s time to look more toward authorization. Since I now work for Axiomatics, I couldn’t agree more . Here is a transcript of the conversation: [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
October 6, 2010
Travis Spencer (@travisspencer) raised a few issues with XACML and proposed some solutions in a recent blog post. I’d like to take this opportunity to respond in the interest of continuing the conversation. Thanks to my colleagues, Erik, David (@davidjbrossard), and Ludwig for their input. Point 1 – Lack of wire protocol definitions: The industry [...]
Categories: Authorization, Standards, XACML
Comments: 2 Comments
August 4, 2010
One of the points I made during my vendor lightning round session at Burton Catalyst last week was that the industry should be looking ahead to an XACML 3.0 interop in 2011, perhaps at the next Catalyst conference. Catalyst was the site of the first ever XACML interop demonstration back in 2007 and would be [...]
Categories: Standards, XACML
Comments: Be the first to comment
