The Entitlement Server is a decision engine that evaluates security policies to provide granular access control to an organization’s resources.

Fine-grained authorization has been a challenge for software architects. For many years, developers have embedded authorizations within applications. Sophisticated infrastructure services enabling fine-grained authorizations were not available and developers were forced to code authorization decisions in their applications. Modern architectures, which separate infrastructure and application functions, as well as new compliance mandates for more granular access control and policy transparency, demand entitlement management services.

Attribute Based Access Control

  • Fine-grained access control policies based on subject, resource, environment and action attributes
  • XACML 2 Implementation
  • Portable and reusable policies enforceable across multiple platforms
  • As more attributes become involved, the number of roles and permissions explodes under RBAC; ABAC is needed even though it is more complex than RBAC
  • All aspects of access request are identified by attributes
  • Rules Engine Integration

The OpenIAM Access Manager uses an architectural model that externalizes policy and authorization decisions from applications to a policy-based, context-aware authorization service that controls access to resources. Policy Enforcement Points are the locations where the policies are enforced and security decisions about access to a resource are implemented.

Policies are rules that define what action, if any, a user can take on a resource. These policies may be simple or complex. Simple policies may be expressed in terms of privileges such as Read, Write, Update, or Delete. More complex policies may be used to address scenarios such as access based on geographic location or time restrictions. For example, a user’s profile may indicate that he or she is based in North America while the request may be coming from Asia. A policy can be defined to control such behavior.
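The privilege, geographic-mismatch and time-restriction policies described above, as an added example (not OpenIAM code or its API): a minimal attribute-based decision function that combines rules with deny-overrides. All attribute names, the sample subject, and the 08:00 to 18:00 window are assumptions made for illustration, as is treating "no applicable rule" as a deny.

```python
from dataclasses import dataclass
from datetime import time

PERMIT, DENY = "Permit", "Deny"

@dataclass(frozen=True)
class Request:
    subject: dict       # who is asking (hypothetical attribute names throughout)
    resource: dict      # what is being accessed
    action: str         # Read / Write / Update / Delete
    environment: dict   # request context: source region, local time

def privilege_rule(req):
    """Simple policy: permit when the subject holds the privilege on the resource."""
    granted = req.subject.get("privileges", {}).get(req.resource.get("id"), set())
    return PERMIT if req.action in granted else None   # None = rule not applicable

def geo_rule(req):
    """Complex policy: deny when the request origin differs from the profile region."""
    home = req.subject.get("home_region")
    source = req.environment.get("source_region")
    # A missing attribute is treated as a mismatch so the rule fails closed.
    return DENY if home is None or source is None or home != source else None

def hours_rule(start, end):
    """Complex policy: deny outside the [start, end) window."""
    def rule(req):
        now = req.environment.get("local_time")
        return DENY if now is None or not (start <= now < end) else None
    return rule

def decide(req, rules):
    """Deny-overrides: any Deny wins; with no Deny, one Permit is required."""
    results = [rule(req) for rule in rules]
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else DENY   # nothing applicable: deny

RULES = [privilege_rule, geo_rule, hours_rule(time(8), time(18))]

# Constructed sample data, not taken from any real deployment.
ALICE = {"id": "alice", "home_region": "North America",
         "privileges": {"payroll-report": {"Read", "Update"}}}

def sample_request(action, source_region, local_time):
    env = {"source_region": source_region, "local_time": local_time}
    return Request(ALICE, {"id": "payroll-report"}, action, env)

if __name__ == "__main__":
    print(decide(sample_request("Read", "North America", time(10, 30)), RULES))
    print(decide(sample_request("Read", "Asia", time(10, 30)), RULES))
```

Because the decision depends only on the attributes in the request, the same rule set can be evaluated behind any enforcement point without changes to the calling application.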
