Archive for the ‘Conferences’ category

XACML and Dynamic Access Control in Windows Server 2012

May 25, 2012

Microsoft has introduced a significant feature enhancement to Windows Server 2012, Dynamic Access Control (DAC). This is a big upgrade from the access control lists (ACLs) used in previous generations of Windows Server, giving enterprises a richer and more flexible authorization model at their disposal. The new functionality gives enterprises tools to more effectively control access to the vast amounts of data in Windows file shares, while complying with business, security and compliance policies. You can find an excellent introduction to Dynamic Access Control here and I expect Microsoft to publish much more information as we get closer to the GA date for Windows Server 2012.

At Axiomatics, we have added a new feature to our core XACML engine – Axiomatics Policy Server – so that XACML authorization policies can be converted into a format recognized by the DAC function in Windows Server 2012. To implement DAC, Microsoft uses Security Descriptor Definition Language, or SDDL. The Axiomatics feature automatically translates XACML policies into SDDL format and loads the policies into your Windows Server 2012 Active Directory.
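To make the XACML-to-SDDL idea concrete, here is an added illustration (not Axiomatics code and not taken from the original post) that turns one small XACML 3.0 rule into an SDDL conditional ACE. The category-to-prefix mapping, the attribute names `Department` and `Title`, the rights `FR`, the trustee `AU` and the sample rule are all assumptions made for the example.

```python
import xml.etree.ElementTree as ET

X = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
F = "urn:oasis:names:tc:xacml:1.0:function:"
S = "http://www.w3.org/2001/XMLSchema#string"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RES = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
# Assumed mapping: XACML category -> SDDL claim prefix, XACML function -> SDDL operator.
PREFIX = {SUBJ: "@User.", RES: "@Resource."}
OPS = {F + "and": "&&", F + "or": "||"}

def expr(node):
    """Render one XACML expression element as SDDL conditional-expression text."""
    tag = node.tag.split("}")[1]
    if tag == "AttributeDesignator":
        return PREFIX[node.get("Category")] + node.get("AttributeId")
    if tag == "AttributeValue":
        text = node.text or ""
        if '"' in text:  # refuse literals that would break out of the SDDL string
            raise ValueError("quote in literal is not translated")
        return f'"{text}"'
    if tag == "Apply":
        fn, args = node.get("FunctionId"), [expr(c) for c in node]
        if fn == F + "string-one-and-only" and len(args) == 1:
            return args[0]                      # unwrap the bag-to-value call
        if fn == F + "string-equal" and len(args) == 2 and args[0][0] == "@":
            return f"{args[0]} == {args[1]}"    # attribute name goes on the left
        if fn in OPS and len(args) >= 2:
            return "(" + f" {OPS[fn]} ".join(args) + ")"
    raise ValueError(f"unsupported XACML construct: {tag} {node.get('FunctionId')}")

def rule_to_sddl(xml_text, rights="FR", trustee="AU"):
    """Translate one Permit rule into a DACL holding a conditional allow (XA) ACE."""
    rule = ET.fromstring(xml_text)  # policy XML is assumed to come from a trusted store
    if rule.get("Effect") != "Permit":
        raise ValueError("only Permit rules are translated")
    body = expr(rule.find(f"{{{X}}}Condition")[0])
    return f"D:(XA;;{rights};;;{trustee};{body if body.startswith('(') else f'({body})'})"

def _designator(cat, attr):  # builds the constructed sample below
    return (f'<Apply FunctionId="{F}string-one-and-only"><AttributeDesignator Category="{cat}"'
            f' AttributeId="{attr}" DataType="{S}" MustBePresent="true"/></Apply>')

# Constructed sample: permit when departments match and the user's title is "PM".
SAMPLE_RULE = f'''<Rule xmlns="{X}" RuleId="dept-match" Effect="Permit"><Condition>
<Apply FunctionId="{F}and">
<Apply FunctionId="{F}string-equal">{_designator(SUBJ, "Department")}{_designator(RES, "Department")}</Apply>
<Apply FunctionId="{F}string-equal">{_designator(SUBJ, "Title")}<AttributeValue DataType="{S}">PM</AttributeValue></Apply>
</Apply></Condition></Rule>'''
```

Calling `rule_to_sddl(SAMPLE_RULE)` yields a single `XA` ACE whose condition compares user and resource claims; anything the translator does not recognize raises instead of producing a looser ACE.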

There are several benefits to the Axiomatics integration that will enhance Windows Server 2012 deployments, including:

  • Leverage a central authoritative source of access policies: XACML access policies that are implemented across other applications in the enterprise can now be applied to Windows Server environments.
  • Manage and control access to file server resources more easily: Policy languages, such as XACML, provide a more direct and flexible model for managing access to vast amounts of data spread across hundreds or thousands of servers.
  • Meet audit and compliance requirements more easily: An externalized and authoritative source for access policies means you have fewer places to audit and certify the access controls for critical applications and data.
  • Report on who has access: Axiomatics provides advanced reporting tools to fully explore and validate your access control policies.
  • Consistently enforce access across applications and platforms: Enable your Windows Server 2012 to participate in a broader, central authorization service. In this mode, enterprises can ensure a consistent level of policy enforcement across the environment – based on the single, authoritative source of access policies.
  • Best runtime performance: Windows Server 2012 performance is not impacted, since its normal internal access control mechanism is being utilized – there is no callout to an external authorization engine. This gives enterprises the best performance possible, but also provides the assurance that access control is being implemented according to centrally managed policies.
  • Increase value of your XACML investment: Integration with platforms such as Windows Server 2012 or Microsoft SharePoint 2010 extends the reach of your XACML authorization system.

If you are planning to visit Microsoft TechEd 2012, please stop by our booth in the partner pavilion for a demonstration.


Spring and Summer conference schedule

May 4, 2011

It seems that this time of year the conference circuit begins to intensify before taking a break for summer vacations. Unfortunately I am not able to join the identerati at IIW this week, but here is the schedule for the rest of spring and summer:

European Identity Conference: Located in beautiful Munich, this promises to be another excellent event. Of particular intrigue is the fact that Craig Burton will be joining KuppingerCole as an analyst – very exciting news! In addition to Axiomatics sharing an exhibit floor booth with Ping Identity, I will be participating in the following sessions

Glue Conference: This is one of Eric Norlin’s creations and promises to be an interesting and informative event – particularly for you developers out there. A new program was introduced this year where Alcatel-Lucent has funded “demo pods” in the exhibitor space for interesting startup vendors. So, a big thank you to Alcatel-Lucent and the selection committee for picking Axiomatics as a demo pod participant.

Cloud Identity Summit: 2011 is the second year for the Cloud Identity Summit, hosted by Ping Identity. Just give a quick look at the agenda and speaker lineup and I expect you will be registering immediately. Plus, Andre has lined up 15 workshops on various cloud and identity topics… 15 workshops, are you kidding me? What conference gives you that kind of learning opportunity? I am pleased to be giving The Essential XACML Primer workshop again this year – please come out to Keystone, CO for this amazing event!

Gartner Catalyst Conference: Axiomatics will have a hospitality suite for the first time at Catalyst this year. For those of you familiar with the Catalyst format, hospitality suites are unlike exhibit spaces at any other conference. They are fun, theme-based settings where you can enjoy yourself while mingling with other attendees – and learn a little about vendor offerings. Please join us at Catalyst and look for a very unusual and fun giveaway in the Axiomatics suite.

Return to Catalyst

August 2, 2010

Last week marked my first visit to a Catalyst conference since departing from Burton Group earlier this year. Let’s just say it is a LOT more relaxing to be there as an attendee and speaker than as part of the production team!!

I found the latest Catalyst to be informative, entertaining, and it exuded a high level of energy – just what you want in a conference. In the identity management sessions, I appreciated the focus on externalized authorization, virtual directories, and federation. The Concordia workshop on authorization was well attended and showcased progress made in a number of areas in the recent past. The workshop also highlighted some areas where the industry can focus energy, such as:

Burton Group has a great formula for the Catalyst Conference and apparently Gartner agrees since Catalyst 2011 in San Diego was announced last Thursday. I plan to be there, how about you?