Comments for Analyzing Identity http://analyzingidentity.com Gerry Gebel's Identity Industry Insights Fri, 18 Mar 2011 15:28:58 +0000 hourly 1 http://wordpress.com/ Comment on Take 2, talking authZ with Gunnar by Take 3, talking authZ and TOCTOU with Gunnar « Analyzing Identity http://analyzingidentity.com/2011/01/28/take-2-talking-authz-with-gunnar/#comment-163 Fri, 18 Mar 2011 15:28:58 +0000 http://analyzingidentity.com/?p=100#comment-163 [...] to my colleagues, David Brossard and Pablo Giambiagi, for their input. You can also find part 1 and part 2 of the conversation on this [...]

]]> Comment on The Anywhere Application Architecture by Take 3, talking authZ and TOCTOU with Gunnar « Analyzing Identity http://analyzingidentity.com/2010/06/08/the-anywhere-application-architecture/#comment-162 Fri, 18 Mar 2011 15:28:46 +0000 http://analyzingidentity.com/?p=56#comment-162 [...] talked previously about the XACML Anywhere Architecture where a callback from a Cloud Provider queries PDP; this would enable the Cloud Provider to get the [...]

]]> Comment on Talking authorization with Gunnar Peterson by Take 3, talking authZ and TOCTOU with Gunnar « Analyzing Identity http://analyzingidentity.com/2010/12/15/talking-authorization-with-gunnar-peterson/#comment-161 Fri, 18 Mar 2011 15:28:40 +0000 http://analyzingidentity.com/?p=96#comment-161 [...] also to my colleagues, David Brossard and Pablo Giambiagi, for their input. You can also find part 1 and part 2 of the conversation on this [...]

]]> Comment on Take 2, talking authZ with Gunnar by Tweets that mention Take 2, talking authZ with Gunnar « Analyzing Identity -- Topsy.com http://analyzingidentity.com/2011/01/28/take-2-talking-authz-with-gunnar/#comment-147 Fri, 28 Jan 2011 14:24:04 +0000 http://analyzingidentity.com/?p=100#comment-147 [...] This post was mentioned on Twitter by Paul Madsen, 4403 and Kenji Urushima, Gerry Gebel. Gerry Gebel said: Cross posted take 2 of XACML conversation w/ @oneraindrop http://bit.ly/hp0sao [...]

]]> Comment on Talking authorization with Gunnar Peterson by Take 2, talking authZ with Gunnar « Analyzing Identity http://analyzingidentity.com/2010/12/15/talking-authorization-with-gunnar-peterson/#comment-145 Fri, 28 Jan 2011 13:41:08 +0000 http://analyzingidentity.com/?p=96#comment-145 [...] Analyzing Identity Gerry Gebel's Identity Industry Insights « Talking authorization with Gunnar Peterson [...]

]]> Comment on About by Dazza Greenwood http://analyzingidentity.com/about/#comment-144 Wed, 26 Jan 2011 04:56:20 +0000 #comment-144 Great information about XACML. Thanks very much.
– Dazza

]]> Comment on Authorization Performance Myth Busting by ggebel http://analyzingidentity.com/2010/04/30/authorization-performance-myth-busting/#comment-128 Fri, 03 Dec 2010 16:41:02 +0000 http://analyzingidentity.com/?p=22#comment-128 Chi – you are right that querying whether a user has access to large numbers of assets is a bit challenging for XACML-based systems. However we have an interesting way of addressing this and you can contact me at gerry-at-axiomatics-dot-com to learn about it.

Gerry

]]> Comment on Authorization Performance Myth Busting by Chi http://analyzingidentity.com/2010/04/30/authorization-performance-myth-busting/#comment-123 Fri, 26 Nov 2010 05:56:00 +0000 http://analyzingidentity.com/?p=22#comment-123 One problem I need to solve is user searching/browsing in a repository. For example, if the repository has 100k+ assets (or even millions), and we employ a faceted search engine like Apache Solr, how can we get around this performance problem? Note that Solr faceted search requires looking through all the assets in the repository via its indexes? Even without Solr, if you just want to offer paged search results, you will still need to iterate through the assets. Is the answer simply: no it cannot be done?

]]> Comment on PayPal Selects Axiomatics Access Management Solution by Pat Patterson http://analyzingidentity.com/2010/11/18/paypal-selects-axiomatics-access-management-solution/#comment-121 Sun, 21 Nov 2010 17:02:24 +0000 http://analyzingidentity.com/?p=92#comment-121 Congratulations, Gerry – it’s good to see XACML getting traction!

]]> Comment on Discussing XACML with Travis by Travis Spencer http://analyzingidentity.com/2010/10/06/discussing-xacml-with-travis/#comment-57 Fri, 15 Oct 2010 06:26:39 +0000 http://analyzingidentity.com/?p=88#comment-57 Thanks for the response to my blog post, Gerry! You made some good points and gave me a lot of food for thought.

I certainly agree that there are cases where users will need full access to the power of XACML and times when they will accept that a high level of sophistication is needed to work w/ it directly, especially if this is contained in a single upfront investment in the creation of slow changing policies. For some scenarios that I have in mind, however, policy authoring is an ongoing business function which is why I said a simplified, domain-specific façade atop XACML is important.

Also, I completely agree that new wire protocols be defined in a collaborative environment where all stakeholders have a voice. This open dialog is one aspect of this that I’m eager to continue at IIW, RSA, and other upcoming conferences. Perhaps I’ll even join OASIS to lend a hand in the definition of these profiles :-)

Thanks again, Gerry!

]]>