What is a XACML condition?

It’s that time of the week when the creative juices go south and the urge to relax hits all-time records. And I know you are all craving for some XACML goodness before you head out for the weekend. After all, just a spoonful of XACML makes the… Uh who am I kidding? Let’s get on with this new episode of TGIF XACML. Today, let’s focus on a XACML condition. Definition: A condition is an element of the XACML policy language. Unlike targets, it can only occur in rules. The condition is used to further define the scope of XACML rules. The scope defines when the rule will trigger. Both the target and the condition therefore help define the scope of […]

What is a XACML combining algorithm?

Today’s Friday, the weather is definitely telling us winter is right around the corner. Morning temperatures have been heading south and are flirting with the freezing point. The skies are still clear and a bright blue. Before the weekend comes knocking, it’s this time of the week when I share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees sometimes struggle with the notion of authorization conflict resolution. At times, you might write policies that overlap or contradict one another. This is where combining algorithms come into play. Combining Algorithm Example: Imagine the following use case: What happens if Alice, the purchasing manager from Vermont, is […]

Authorization, it’s not just about who you are – feedback from JavaZone 2013

I was fortunate enough to be one of the speakers at JavaZone 2013 in Oslo, a stone’s throw from the Axiomatics headquarters in Stockholm. One of the organizers, Ole-Alex, had asked me to give an overview of XACML to a crowd of Java developers and architects. I decided to focus on the consolidation and flexibility aspects of XACML. For a developer, the natural reflex when it comes to implementing authorization is to “do-it yourself” or at best to use a framework, e.g. Spring Security or JAAS. While these frameworks are great and the right step towards externalized authorization, they fall short of implementing truly dynamic authorization. The first part of the presentation therefore covers the current state of the art before introducing Attribute-based […]

What is a XACML target?

Today’s Friday, the weather has been amazingly nice these past few weeks in Stockholm which is all the more surprising since September is on the slope down to darker, wetter, and colder days. The weekend ahead looks promising. I’ll be heading out to fellow colleague, Andreas’ summer house out in the archipelago. But before I walk out the door, I thought I’d share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees often ask what a target is. XACML Target Definition: A target is an element of the XACML policy language. It can occur in policy sets, policies, and rules. The target is used to […]

XACML for Developers – Updates, New Tools, & Patterns for the Eager #IAM Developer

XACML is the standard for attribute-based & policy-based access control and fine-grained authorization. At the Cloud Identity Summit 2013, CIS Napa, last week, I had the privilege to be part of one of the sessions Hans Zandbelt was leading on advanced identity concepts. I chose to dive deeper into XACML and to provide updates for the developer community. My slides are available from slideshare and below. Learn how developers can benefit from XACML.