XACML

The Entitlement Server is a decision engine that evaluates security policies to provide granular access control to an organization’s resources.

Fine-grained authorization has been a challenge for software architects. For many years, developers have embedded authorizations within applications. Sophisticated infrastructure services enabling fine-grained authorizations were not available and developers were forced to code authorization decisions in their applications. Modern architectures, which separate infrastructure and application functions, as well as new compliance mandates for more granular access control and policy transparency, demand entitlement management services.

Attribute Based Access Control

  • Fine-grained access control policies based on subject, resource, environment and action attributes
  • XACML 2 Implementation
  • Portable and reusable policies enforceable across multiple platforms
  • As more attributes are involved, the number of roles and permissions explodes under RBAC; ABAC is needed even though it is more complex than RBAC
  • All aspects of access request are identified by attributes
  • Rules Engine Integration

The OpenIAM Access Manager uses an architectural model that externalizes policy and authorization decisions from within applications to a policy-based, context-aware authorization service that controls access to resources. Policy Enforcement Points are the locations where the policies are enforced and security decisions about access to a resource are implemented.

Policies are rules that define what action, if any, a user can take on a resource. These policies may be simple or complex. Simple policies may be expressed in terms of privileges such as Read, Write, Update, or Delete. More complex policies may be used to address scenarios such as access based on geographic location or time restrictions. For example, a user’s profile may indicate that he or she is based in North America while the request may be coming from Asia. A policy can be defined to control such behavior.
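
The policy model described above can be sketched as a small attribute-based decision function. This is an added example, not OpenIAM code and not XACML syntax: the attribute names, the sample request, the business-hours window and the function names are all hypothetical. The rule combining is a simplified deny-overrides in which a missing attribute yields Indeterminate and the enforcement point grants access only on an explicit Permit.

```python
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

@dataclass(frozen=True)
class Rule:
    effect: str                         # PERMIT or DENY when the condition holds
    condition: Callable[[dict], bool]   # test over the request's attributes

def evaluate(rule: Rule, request: dict) -> str:
    try:
        return rule.effect if rule.condition(request) else NOT_APPLICABLE
    except KeyError:                    # a required attribute is missing
        return INDETERMINATE

def decide(rules: list, request: dict) -> str:
    """Decision point: simplified deny-overrides combining of all rules."""
    results = [evaluate(r, request) for r in rules]
    for outcome in (DENY, INDETERMINATE, PERMIT):
        if outcome in results:
            return outcome
    return NOT_APPLICABLE

def enforce(rules: list, request: dict) -> bool:
    """Enforcement point: deny-biased, only an explicit Permit grants access."""
    return decide(rules, request) == PERMIT

# Hypothetical policy: one simple privilege rule plus two context rules.
RULES = [
    Rule(PERMIT, lambda r: r["action"]["id"] in r["subject"]["privileges"]),
    Rule(DENY, lambda r: r["subject"]["home_region"] != r["environment"]["source_region"]),
    Rule(DENY, lambda r: r["action"]["id"] != "Read"
                         and not 8 <= r["environment"]["hour"] < 18),
]

def make_request(action, source_region, hour, **subject_overrides):
    """Build a constructed sample request in subject/resource/action/environment form."""
    subject = {"id": "alice", "home_region": "North America", "privileges": {"Read", "Update"}}
    subject.update(subject_overrides)
    return {"subject": subject, "resource": {"id": "payroll-report"},
            "action": {"id": action},
            "environment": {"source_region": source_region, "hour": hour}}

if __name__ == "__main__":
    for args in [("Read", "North America", 10), ("Read", "Asia", 10),
                 ("Update", "North America", 22), ("Delete", "North America", 10)]:
        print(args, "->", decide(RULES, make_request(*args)))
```

Because the rules are data held by the decision function rather than checks scattered through application code, the application only calls `enforce` and the policy can change without touching it.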
