TGIF XACML – what’s a XACML combining algorithm?

Today’s Friday, the weather is definitely telling us winter is right around the corner. Morning temperatures have been heading south and are flirting with the freezing point. Skies are still clear and a bright blue. Before the weekend comes knocking, it’s this time of the week when I share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees sometimes struggle with the notion of combining algorithms. Combining Algorithm Definition Combining algorithms are used to resolve conflicts between multiple policies and rules that apply at the same time. Imagine the following use case: Managers in purchasing can approve transactions. A user cannot approve a transaction outside […]

Authorization, it’s not just about who you are – feedback from JavaZone 2013

I was fortunate enough to be one the speakers at JavaZone 2013 in Oslo, a stone’s throw from the Axiomatics headquarters in Stockholm. One of the organizers, Ole-Alex had asked me to give an overview of XACML to a crowd of Java developers and architects. I decided to focus on the consolidation and flexibility aspects of XACML. For a developer, the natural reflex when it comes to implementing authorization is to “do-it yourself” or at best to use a framework, e.g. Spring Security or JAAS. While these frameworks are great and the right step towards externalized authorization, they fall short of implementing truly dynamic authorization. The first part of the presentation therefore covers the current state of the art before […]

TGIF XACML – What’s a XACML target?

Today’s Friday, the weather has been amazingly nice these past few weeks in Stockholm which is all the more surprising since September is on the slope down to darker, wetter, and colder days. The weekend ahead looks promising. I’ll be heading out to fellow colleague, Andreas’ summer house out in the archipelago. But before I walk out the door, I thought I’d share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees often ask what a target is. XACML Target Definition A target is an element of the XACML policy language. It can occur in policy sets, policies, and rules. The target is used to […]

Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit. Day 1 focused on workshops and so will day 2 along with bootcamps and interops including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva. In the afternoon, I will have the privilege of completing the standards quintet as I take on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]