XACML

The Entitlement Server is a decision engine that evaluates security policies to provide granular access control to an organization’s resources.

Fine-grained authorization has been a challenge for software architects. For many years, developers have embedded authorizations within applications. Sophisticated infrastructure services enabling fine-grained authorizations were not available and developers were forced to code authorization decisions in their applications. Modern architectures, which separate infrastructure and application functions, as well as new compliance mandates for more granular access control and policy transparency, demand entitlement management services.

Attribute Based Access Control

  • Fine-grained access control policies based on subject, resource, environment and action attributes
  • XACML 2 Implementation
  • Portable and reusable policies enforceable across multiple platforms
  • As more attributes are involved, the number of roles and permissions explodes with RBAC, so ABAC is needed even though it is more complex than RBAC
  • All aspects of access request are identified by attributes
  • Rules Engine Integration

The OpenIAM Access Manager uses an architectural model that moves policy and authorization decisions out of applications and into a policy-based, context-aware authorization service that controls access to resources. Policy Enforcement Points are the locations where the policies are enforced and security decisions about access to a resource are implemented.

Policies are rules that define what action, if any, a user can take on a resource. These policies may be simple or complex. Simple policies may be expressed in terms of privileges such as Read, Write, Update, or Delete. More complex policies may be used to address scenarios such as access based on geographic location or time restrictions. For example, a user’s profile may indicate that he or she is based in North America while the request may be coming from Asia. A policy can be defined to control such behavior.
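The simple and complex policies described above can be sketched as a small attribute-based decision point. This is an added example in plain Python, not OpenIAM code and not XACML policy syntax; the rule names, attribute keys, business-hours window and the sample request are all assumptions made for illustration.

```python
from datetime import time

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def rule_privileges(req):
    # Simple policy: permit if the action is a privilege granted on this resource.
    granted = req["subject"]["privileges"].get(req["resource"]["id"], set())
    return PERMIT if req["action"] in granted else NOT_APPLICABLE

def rule_region(req):
    # Complex policy: deny when the request origin differs from the profile region.
    home = req["subject"].get("home_region")
    origin = req["environment"].get("origin_region")
    if home is None or origin is None:
        return DENY  # a missing attribute fails closed
    return DENY if home != origin else NOT_APPLICABLE

def rule_hours(req):
    # Time restriction (constructed): changes only between 08:00 and 18:00.
    if req["action"] == "Read":
        return NOT_APPLICABLE
    return NOT_APPLICABLE if time(8) <= req["environment"]["local_time"] < time(18) else DENY

def decide(req, rules=(rule_privileges, rule_region, rule_hours)):
    # Decision point with deny-overrides combining: any Deny wins over any Permit.
    results = [rule(req) for rule in rules]
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

def enforce(req):
    # Enforcement point: only an explicit Permit opens the resource.
    return decide(req) == PERMIT

def sample_request(origin="North America", action="Read", at=time(10, 30)):
    # Constructed request carrying subject, resource, action and environment attributes.
    return {
        "subject": {"id": "alice", "home_region": "North America",
                    "privileges": {"payroll-report": {"Read", "Update"}}},
        "resource": {"id": "payroll-report"},
        "action": action,
        "environment": {"origin_region": origin, "local_time": at},
    }

if __name__ == "__main__":
    for kwargs in ({}, {"origin": "Asia"}, {"action": "Update", "at": time(22, 0)}):
        print(kwargs, "->", decide(sample_request(**kwargs)))
```

The application only calls enforce(); adding or changing a rule does not touch application code, which is the point of externalizing the decision.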
